The Cambridge Analytica scandal – and the introduction of GDPR – has created a lack of clarity about how sporting bodies can and should use data, says Richard Clarke.
Who remembers Y2K?
You must do. It was the technological tsunami was going to hit us right after we partied like it was nineteen ninety-nine! All the world’s computers would crash and online systems would go on the fritz, because the date at the turn of the millennium would be 01/01/00, which could be 1900 or 2000.
It did not happen. In fact, in digital terms, it may turn out to be the scare story of the millennium. This one or the last, take your pick.
Sport has treated General Data Protection Regulation (GDPR) in the same way – fear-filled rigour, laid-back laissez-faire and everything in between.
The EU directive becomes active on May 25. It is a much-welcomed tightening of data processing and management laws that, despite its European origins, will affect most worldwide sporting bodies.
However, the fines involved, 20m Euros or up to 4% of global turnover, meant this was never going to be a Y2K.
Meanwhile, the Facebook/Cambridge Analytica story has put data privacy on the front page and Mark Zuckerberg in a fraught and pretty embarrassing Congressional hearing.
Given their total market dominance and ability to buy or overpower their opposition, a dramatic u-turn in public opinion, especially among the younger demographic, was the only real threat to Facebook on the immediate horizon.
We don’t yet know if this is it.
But we do know that sport is a bit scared.
The local authorities on the Gold Coast laid cable to provide spectators to the Commonwealth Games with a wifi connection at 10 times the normal speed. The data they gained in exchange was going to revolutionise their understanding of the tourism market. However, the log-in was via Facebook and so they scrapped it a few weeks before the event.
This is an interesting precedent, arguably a necessary, safety-first that will protect the good name of the ‘Friendly Games’.
Having run content/digital strategy for football teams on both sides of the Atlantic, I know the data potential in-stadium wifi is huge. Such connectivity is widespread in the US, especially in the arenas that house hockey and basketball teams. It is used both by teams and fans to amplify the “narrative”. This is crucial for every club but especially those playing so often.
Another difference was that season-ticket swapping is much more common in the US. This somewhat scuppers the execution of that oh-so-slick CRM plan. You won’t get a coherent single view of the fan if you are not dealing with one person. (Anyone who shares their Netflix account with their kids will see such dissonance in the recommendations the OTT platform throws at them.)
One straightforward workaround was to incentivise fans to check-in via Facebook at the event using a competition and then pitch ads against data set in the days that followed. It was not perfect but at least you could reach those who actually sat in the seat. It felt like that deal you strike at a foreign airport: free wifi if you watch an advert or hand over data. On the face of it, a no-brainer.
But this is all based on the public freely giving up their data and recent revelations have made us think before we click “agree”.
Before the Facebook scandal even erupted, Manchester United had decided to ask their entire database to give the clear and express consent GDPR requires.
This is “belt and braces” approach designed to avoid all legal comeback. They should be applauded for being proactive but the policy may put a severe dent in the size of their database. Something they will have sought to monetise in one way or another.
And here’s another question. Manchester United are looking for a Yes or a No. You can dress it up all you want but this will be a boring, easily ignored email.
So what happens if a current registrant does not reply or does not receive it for any reason? Presumably, you have to take that as a negative.
From my conversations around the industry, there have been very few negative comments about the introduction of GDPR. It is seen as a necessary update to a system that has not been revised since the revolution in the way this data is manipulated. The legal tone seems to be flexible – ‘do your preparation, reassess you data practice and we’ll give you time to adapt’. That said, someone will be ensnared in a test case at some point and there are many grey areas.
For example, there is the issue of retargeting. This is when you search for a product and adverts follow you around as you browse. (To cut a long story short, it is about tracking cookies). Some have suggested every potential advertiser wanting to use such retargeting data may need ‘expressed consent’. I can’t see this happening but it is an interesting question. Especially as this is another mechanism for rights-holders to provide value to partners.
If anything, the Cambridge Analytica scandal should help the process of adherence. But it will be a long road.
For years, we have been told: “data is the new oil”. Fit and proper usage is being adjusted by GDPR but control of the supply may be determined by the public’s reaction to the current scandal. Do not expect clarity for some time yet.
Richard Clarke is a digital and social media consultant. He holds the distinction of having run the social media accounts at major football clubs in the Premier League and MLS, having worked for EPL club Arsenal and MLS club the Colorado Rapids.