,
9 tweets,
4 min read
Read on Twitter
& on this basis they argue that the processing =/= personal data. The use case (detecting unlicensed soccer streaming) makes it challenging: wouldn't a common ID be needed to cross-reference audio + geo? But if not associated w/ user at point of collection? Maybe. 2/9
Side note: audio fingerprinting is pretty common: Shazam, the latest Pixels, & in most Smart TVs for viewing measurement. Greatest concerns for privacy advocates are if/when used between devices (e.g. phone/laptop surreptitiously "listening" for TV content, as done here). 3/9
Here's the opt-in, pretty clear by US standards: "Protect your team! Clicking here, you accept that La Liga will use your personal data, incl. from microphone and GPS, to detect frauds in unauth. soccer consumption in public establishments." (Consent not req'd to use the app) 4/9 
Low hanging fruit b/c the practice FEELS so invasive -- and ironic b/c fraud detection a paradigmatic legitimate first-party use. But in this case, the fraud not occurring in the app itself but out in the physical world, to identify local bar owners breaking the law. 6/9
La Liga also re-kindled major trust issues w/ apps "listening." Surprising # of ppl convinced phone is "listening" to conversations despite no evidence. see @kashhill's gizmodo.com/these-academic… 7/9
Thus @LaLigaEN may have legit anti-fraud ends, might even be able to process data w/o PII (interesting to think about), but accomplishing these ends by collectively co-opting fans' devices played right into worst fears of 'surveillance capitalism.' 8/9
Looking ahead I wonder: (1) same or diff. outcome if all audio processing were to occur on-device?; & (2) does it matter if processing for: key words?; watermarks in copyrighted content?; audio "beacons" to infer geo?; or other audio-based processing (ambient noise for auth?) 9/9
