The chief obstacle to being part of the 21st century world, in which jobs, education, healthcare, and access to government services are all online, is the cost of high-speed access and computers.

Monday, April 20, 2015

Relevant recommendations from the Argentine National Personal Data Protection Direction regarding privacy protection in the development of Software Applications. Will IoT be subject to these guidelines?

The National Personal Data Protection Direction (hereinafter “NPDPD”) recently approved the Recommended Good Practices regarding Privacy for the development of Software Applications (hereinafter “RGPPSA”). Although the RGPPSA are not mandatory, they should be considered guidelines to be followed, as this is the first document issued by the NPDPD to provide orientation on the management of privacy for the software industry.
The RGPPSA become crucial for the new era of software application development related to Big Data and the Internet of Things, where sensitive consumer information may be jeopardized.
The RGPPSA set forth the following 8 basic steps to develop software that safeguards privacy:
i) keep privacy in mind in all the processes of the company developing the software applications;
ii) develop the applications following the Privacy by Design criteria, meaning that privacy protection shall be considered from the first steps of the application design and followed in all the other phases of the development of the system or application;
iii) set forth a privacy policy that is clear and accessible to the personal data owners;
iv) activate privacy options by default (Privacy by Default), so that sharing personal information or deactivating privacy options requires an express voluntary act from the data owner;
v) provide the data owner with the right to choose and control;
vi) limit the quantity of data collected and kept through Privacy-Enhancing Technologies (PET), which are measures that eliminate or minimize personal data and avoid unwanted processing of personal data without affecting the functionality of the information service;
vii) ensure the security of the personal data collected;
viii) assume liability for the data collected by appointing a person responsible for privacy issues.
Among the PET tools mentioned by the RGPPSA to protect privacy are:
a) Dissociation of data: a mechanism to hide the data owner's identity, avoiding the association of the data with a determined or determinable person;
b) Pseudonymisation: allows operations to be performed without identifying the data owner, who is identified only by a pseudonym;
c) Information Security: the main goal is to avoid any unauthorized access to the systems, files or communications through a network;
d) Metadata: it is recommended to add labels to files containing personal data, explaining the source, the consent obtained and the scope of that consent, how the data can be used, the applicable privacy policies and the applicable term of storage;
e) Encryption: the use of this mechanism shall not be limited to secure storage, as it shall be extended to ensure integrity, safe transport through a network or physical devices, and secure access to personal data.
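As an added illustration of items b) and d) above (not code from the RGPPSA or from this post), the sketch below replaces direct identifiers with a keyed pseudonym and attaches a metadata label that is checked before any use of the record. HMAC-SHA256, the field names, the key and the sample record are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed demo key; in practice it is stored apart from the data set.
PSEUDONYM_KEY = b"constructed-demo-key"
DIRECT_IDENTIFIERS = ("email", "full_name")  # hypothetical field names

def pseudonym(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed pseudonym: stable across records, not recomputable without the key."""
    normalised = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:32]

@dataclass(frozen=True)
class PrivacyLabel:
    """Metadata label: source, consent and its scope, policy, storage term."""
    source: str
    consent_obtained: bool
    consent_scope: frozenset
    policy: str
    collected_on: date
    storage_term_days: int

    def permits(self, purpose: str, today: date) -> bool:
        expires = self.collected_on + timedelta(days=self.storage_term_days)
        return (self.consent_obtained and purpose in self.consent_scope
                and today <= expires)

def pseudonymise_record(record: dict, label: PrivacyLabel) -> dict:
    """Drop direct identifiers, keep a pseudonymous subject id and the label."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["subject_id"] = pseudonym(record["email"])
    out["label"] = label
    return out

def usable(record: dict, purpose: str, today: date) -> bool:
    """Gate every processing step on the label travelling with the record."""
    return record["label"].permits(purpose, today)

# Constructed sample input.
SAMPLE = {"email": "Ana@Example.org", "full_name": "Ana Example", "plan": "basic"}
LABEL = PrivacyLabel("signup form", True, frozenset({"billing"}),
                     "privacy-policy-v1", date(2015, 4, 20), 365)
STORED = pseudonymise_record(SAMPLE, LABEL)
```

The label makes out-of-scope use and expired storage fail closed: `usable(STORED, "advertising", ...)` is false because that purpose is outside the recorded consent scope.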
Recommendations given by the RGPPSA for privacy policy implementation: provide a clear explanation of the type of information requested, the way in which it will be used and with whom it is going to be shared.
The privacy policy should be simple and standardized to facilitate its reading and understanding by the data owners, and should clearly explain the data processing carried out by the application. Therefore the policy should explain the peculiarities of its application and avoid cutting and pasting from policies applicable to other applications or developers. Any change incorporated into the policy should be duly notified.
Pursuant to RGPPSA any privacy policy shall comply with the following guidelines:
i) Provide a definition of the protected matter under the privacy policy (the subject matter to be protected), the scope (obligors under the policy to be implemented), and compatibility and interrelation with other policies (commercial information protection).
ii) Include a section of definitions used in the privacy policy, which should follow the criteria of the National Law of Personal Data Protection, Law N° 25,326 (hereinafter “NLPDP”).
iii) Comply with the following principles applicable to data protection: a) quality of data; b) data protection principles of free and informed consent in accordance with sections 5 and 6 of NLPDP; c) sensitive personal data treatment following the provisions of section 7 of NLPDP.
iv) Where personal data is shared with or transferred to a third party, this shall be clearly noted in the policy and comply with the requirements applicable to personal data transfer under Section 11 of NLPDP (inform the purpose of the assignment and the identification of the third party receiving the data).
v) Adopt confidentiality agreements with employees and third parties providing services who may have knowledge of the personal data to be treated by the application.
vi) Include a reference to the personal data security policy and its applicable regulation regarding the security manual (Disposition DNPDP N° 11/06).
vii) In the event of an international data transfer, the country receiving the data shall have a sufficient level of protection in the treatment of personal data, or the owner of such data should have consented to the transfer to such country. The RGPPSA clearly state that storage in the cloud shall be considered an international data transfer.
viii) If the use of personal data includes an advertising goal, the specific obligations mentioned in Section 27 of NLPDP and applicable regulations (Dispositions DNPDP N° 10/08 and 4/09) shall be complied with.
ix) Include the procedures that allow the owner of the personal data to exercise the rights of access, rectification, suppression and blockage.

x) Inform who is responsible for Data Protection (it can be either an identified officer or a specific area of the company). The Data Protection Officer will be responsible for: a) ensuring that any data treatment performed by any application complies with data protection regulations; b) revising and keeping updated the Privacy Policy of the organization and ensuring that the applications follow such policy; c) responding to any inquiry regarding the Privacy Policy, the rights of the personal data owner and the requirements from the competent authorities; d) providing training on personal data protection to employees; and e) controlling those third parties to whom data is transferred or from whom it is received (verifying whether they are registered with the NPDPD).