LaLiga (Liga Nacional de Fútbol Profesional)

What happened

Spain's AEPD fined LaLiga, the Spanish football league, €250,000 for using its official mobile app to covertly access users' microphones and GPS location to detect bars and restaurants illegally broadcasting football matches without a commercial license. The app activated the device microphone once per minute during match times to capture ambient audio and match it against official broadcast signals. While LaLiga argued this was disclosed in the privacy policy, the AEPD found the consent mechanism was buried in terms of service and not sufficiently transparent. The practice affected approximately 10 million app users who were unknowingly turned into surveillance tools for copyright enforcement.

Articles violated

Lessons learned

Using device sensors (microphone, camera, location) for purposes beyond the app's core functionality requires prominent, specific consent. Burying surveillance features in lengthy privacy policies is not valid consent. Data minimization applies to the means of enforcement — using 10 million users' microphones to detect piracy is disproportionate. This case shows that creative technical approaches to business problems can still violate privacy law if they are not proportionate and transparent.