With the rapid growth in technology and esports in general, the risks of big data analytics and privacy are now more relevant than ever. After the EU General Data Protection Regulation this past May, my experience in the NFL has reflected changes to our own data privacy terms and conditions not only for general websites, but now for the new “digital season ticket,” and personal team mobile applications.
Following the EU protocol, the NFL is now also attempting to standardize and improve consumer personal information and find ways to limit access and usage of data:
There are many issues associated with the collection of Big Data that can pose risks to our brand, sponsors, and licensees. Teams must be wary of storing large amounts of personal or private information that does not serve a business purpose. Furthermore, teams must weigh the storage of Big Data with certain privacy laws and regulations that are centered on using big data effectively, efficiently, and legally. For example, the Electronic Communication Privacy Act outlaws the unauthorized interception of wire, oral, or electronic communications and the Stored Communications Act regulates the privacy of stored electronic communications. The Children’s Online Privacy Protection Act (COPPA) also protects Big Data by protecting the online gathering of data from children who are under the age of 13, and other state and federal laws are in place to regulate the collection and storage of data as well. These are all relevant not only for traditional leagues, but now the esports leagues as well.
In addition to the regulatory schemes surrounding data protection, certain industry standards exist, such as the Payment Card Industry Data Security Standard (PCI-DSS) for organizations that handle credit card information and the Digital Advertising Alliance’s (DAA’s) AdChoices self-regulatory program for targeted advertising. Organizations must be wary of self-imposed pledges of “industry standard” practices, as ambiguity can lead to broken promises. For example, an Illinois woman sued LinkedIn in 2012 for failing to adequately encrypt passwords when an “industry standard” was pledged, and the suit was settled in 2014 for 1.25 million dollars. It is apparent that the regulations are in place and the mechanisms for improving are being altered as we continue to grow in sports forward.
All in all, the NFL has put several Cybersecurity webinars in place to help mitigate issues and tackle risks before they may rise to litigation.
Since I have recently shifted gears from working in the NFL to working in esports, I think the direction that esports is taking means that cybersecurity and data privacy will be most prominent and necessary here. Esports, by nature of its digital platform, is the most at risk to data breach issues. It is an exciting time to be a fan, lawyer, and millennial and this is where young and innovative minds and perspectives will help change and shape the new fan experience.
