How can we overcome sport’s data-sharing dilemma?
Earlier this year, we teamed up with Genius Sports to bring together sixteen national and international sports at a Clue Communities event dedicated to managing and mitigating real-world challenges to sports integrity.
Since the event I have been thinking about how Clue and our sports community can help the wider sports integrity ecosystem, by trying to positively progress the thorny issue of data management and data sharing.
This perennial problem of data sharing repeatedly raises two common questions; ‘Can I share it?’ and ‘Should I share it?’
Where are we with data sharing in sport?
Since the introduction of the General Data Protection Regulation (GDPR) in May 2018, and with due regard to the withdrawal of the United Kingdom in January 2020 from the European Union, where are we now with data and sharing?
How can we ensure that the sports investigative community comply with relevant legislation and share when and where we can.?
Sports integrity bodies have always had to deal with the challenges of data sharing whether it be safeguarding, doping or match manipulation. Personally identifiable information (PII) and ‘special category data’ sits front and centre of their daily data processing activities.
Safeguarding practitioners must be confident in sharing with relevant statutory and non-statutory bodies. They should understand that the GDPR, Data Protection Act 2018 and human rights law are not barriers to justified information sharing. You may share safeguarding information without consent if in your judgement there is a lawful basis to do so, such as where safety may be at risk.
Clue enables you to document your decision-making so that your thought processes and rationale are evidentially captured and capable of withstanding both internal and external scrutiny.
Sporting data can often contain ‘special category data’. The UK GDPR defines ‘special category data’ to include genetic data, biometric data (where used for identification purposes) and data concerning health. The protections are built in to ensure specific protection of an individual’s fundamental rights and freedoms, for example, the right to bodily integrity and the right to respect for private and family life. It is important to realise that some of the protected characteristics in the Equality Act are also classified as special category data e.g., disability, pregnancy and gender reassignment – so as it may reveal information about a person’s health.
Whether it be data about an individual’s mental well-being or information about a twisted ankle e.g., sports injury – both are data concerning health and your management of this type of data needs to be exemplary.
Under UK GDPR, to ensure your processing is lawful, remember you will need:
- An Article 6 basis for processing e.g. legitimate interest.
- An Article 9 specific condition e.g. Reasons of substantial public interest [with a basis in law e.g. Part 2 Schedule 1 DPA 2018 – 27 Anti-Doping in Sport or 28 – Standards of Behaviour in Sport ].
- In addition, you will require an Appropriate Policy Document and, possibly, a Data Protection Impact Assessment (High-Risk or use of innovative technology).
Clue enables auditable decisions to be linked to these relevant documents and assessments.
Sports governing bodies undertaking investigatory activity must have the ability and technical mechanism to manage the responsibilities of processing these types of data. It needs to include a privacy policy that is reflective of not only the legitimate interest but clearly details the processing and activities in relation to review, retention, deletion, redaction and subject access request management.
Clue can directly improve the management of these issues by providing a sophisticated yet simple permission and access functionality, archive methodology, and automated data retention and review workflow.
For example, how do we grade and assess the intelligence we decide share to with external organisations and statutory bodies? Using Clue, our sports customers can document both a Source and Intelligence evaluation and then apply precise handling codes. This activity is effectively managed with a supervised workflow and underpinned by bespoke risk assessments. This intelligence can then be directly shared by secure API to another Clue user. This significantly reduces the risk that sharing by email brings as well as increasing productivity and continuity of data standards and processes across the community. Setting appropriate automated review and retention dates will also ensure that intelligence is held for only as long as is necessary thereby reducing the possibility of a breach of Article 5.
The Clue sports community is looking at driving information sharing to the next level and setting the standards and benchmark data exchange. It will, I appreciate, be small steps, but these steps will be forward,
If you want to see Clue help you manage these data-sharing issues or find out more about joining our Clue Communities, contact me at phil.suddick@cluesoftware.com
Related Resources
Insights from our insider threat webinar
Are you prepared for insider threats? Our latest webinar united experts to explore this complex and evolving challenge.
Learn more
Infographic: The Clue user threat landscape
Our latest visual highlights the expanse of evolving threats Clue users face daily.
Learn more
4 insights from our anti-doping webinar
Anti-doping leaders joined us to explore how to better protect sports and athletes with intelligence-led approaches.
Learn more
On May 16, 2PM BST, we are gathering experts from the world of sports integrity to reflect on the huge benefits of collaborative intelligence and investigations, and how organisations can break away from isolated operations. Register below to secure your space.