, 9 tweets, 4 min read Read on Twitter
My observations on the Spanish DPA #GDPR fine (thread): First, @LaLigaEN still arguing a yr later that their tech is misunderstood. App uses "audio fingerprinting" by which tiny fragments of audio sent for comparison w/content library & then discarded. 1/9
& on this basis they argue that the processing =/= personal data. The use case (detecting unlicensed soccer streaming) makes it challenging: wouldn't a common ID be needed to cross-reference audio + geo? But if not associated w/ user at point of collection? Maybe. 2/9
Side note: audio fingerprinting is pretty common: Shazam, the latest Pixels, & in most Smart TVs for viewing measurement. Greatest concerns for privacy advocates are if/when used between devices (e.g. phone/laptop surreptitiously "listening" for TV content, as done here). 3/9
Here's the opt-in, pretty clear by US standards: "Protect your team! Clicking here, you accept that La Liga will use your personal data, incl. from microphone and GPS, to detect frauds in unauth. soccer consumption in public establishments." (Consent not req'd to use the app) 4/9
Nonetheless @AEPD_es finds it lacking under #GDPR for clarity & ease of withdrawing consent. One-time notice in ToS insufficient, given the sensitivity of ongoing mic access (& perhaps users' surprise/anger when this hit media last yr = res ipsa loquitur of lack of consent?) 5/9
Low hanging fruit b/c the practice FEELS so invasive -- and ironic b/c fraud detection a paradigmatic legitimate first-party use. But in this case, the fraud not occurring in the app itself but out in the physical world, to identify local bar owners breaking the law. 6/9
La Liga also re-kindled major trust issues w/ apps "listening." Surprising # of ppl convinced phone is "listening" to conversations despite no evidence. see @kashhill's gizmodo.com/these-academic… 7/9
Thus @LaLigaEN may have legit anti-fraud ends, might even be able to process data w/o PII (interesting to think about), but accomplishing these ends by collectively co-opting fans' devices played right into worst fears of 'surveillance capitalism.' 8/9
Looking ahead I wonder: (1) same or diff. outcome if all audio processing were to occur on-device?; & (2) does it matter if processing for: key words?; watermarks in copyrighted content?; audio "beacons" to infer geo?; or other audio-based processing (ambient noise for auth?) 9/9
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Stacey Gray
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!