Talk To An Expert!
Nigerian Ai-Driven Sports Startups And Data Privacy Concerns

Nigerian Ai-Driven Sports Startups And Data Privacy Concerns

INTRODUCTION

The use of artificial intelligence (AI) by sports startups is on the increase, and it   has revolutionized the way athletes and sport talents are recruited and managed. However, this increase reliance on AI also raises significant concerns about data privacy. It has therefore, become imperative to strike a balance   between leveraging AI cutting -edge technology and safeguarding athletes’ privacy rights.

This article delves into the intersection of AI-driven recruitment and management of sports talents, and the demands of compliance to data privacy laws so as to protect personal data.

WHAT IS PERSONAL DATA

Personal data means any information relating to an individual, who can be identified or is identifiable, directly or indirectly by refence to an identifier such as name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, cultural, social, or economic identity of that individual. Essentially, if any information can be used to identify a person, either directly or indirectly, it is considered a personal data. This information is typically held electronically.

REGULATORY LANDSCAPE

The key legal frameworks that regulate data privacy in Nigeria are: General Data Protection Regulation (GDPR), Nigerian Data Protection Act (NDPA), and General Application and Implementation Directives (GAID). Nigerian AI-driven sports startups are subject to these frameworks, in their collection and processing of personal data of athletes.

GDPR: The GDPR is a comprehensive data protection law in European union (EU). It does not directly apply to Nigerian data subjects in the same way it applies to EU residents, except in a cross-border transfer. Thus, Nigerian sports startups that process the personal data of EU residents, fall within the applicable scope of GDPR.

NDPA: The NDPA is the extant and substantive legislative enactment in Nigeria, governing collection, processing and storage of personal data, crucial to AI system. Whereas, the GAID is a subsidiary regulation by Nigerian Data Protection Commission (NDPC), that provides practical guidelines for implementation of the NDPA.

Both GDPR and NDPA aim to protect individual data privacy, but they apply to different geographical scope. In practice, the principles of data protection and data subjects’ rights, under both laws are substantially the same.

The core principles include lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.

Data subjects (athletes) whose data is collected have rights like the right to be informed, access, rectification, erasure, restrict processing, data portability, and object to processing.  

It is a further regulatory requirement to conduct regular Data Audit, and Data Protection Impact Assessment (DPIA). Upon the completion of the audit, a Compliance Audit Returns (CAR) is filed with the commission.  DPIA is required, prior to processing of personal data, where the processing of such data may likely result in high risk to the rights and freedom of data subjects by virtue of its nature scope, context, and purposes. AI-driven sports startups by the reason of the sensitivity of data they process are required to file a DPIA before the commission or regulatory authority.

TYPES OF DATA COLLECTED AND PROCESSED

AI systems with advanced technologies like GPS tracker, biometrics analysis, and wearable devices are deployed to collect and analyze vast amounts of personal data from the athletes; from performance metrics to health information. The following types of data may be collected-

  • Personal information: address, phone number, email, social security number, driver’s license number, passport number.
  • Financial Information: Bank account details, credit card numbers.
  • Bio Metrics: Finger prints, facial recognition, voice print.
  • Health information: Medical history, health records, fitness tracking data insurance information.
  • Behavioral data: user interactions, browsing history, search queries.
  • Sensor data: Data from sensors, such as temperature, motion or pressure sensors, that can be used to track environment or physical locations.
  • Text and images data: Text documents, images, videos and other multimedia content that can be analyzed and processed by AI algorithms.

THE USE OF DATA COLLECTED

Athlete Profiling: Analyze athletes performance data, such as game statistics, speed, strength, and agility metrics, to identify top prospects and make informed decision.

Predictive Analytics: Use machine learning algorithms to forecast athlete potentials, predict future performance and identify areas of improvement.

Streamlined Scouting: Automate the scouting process by analyzing large datasets, reducing manual efforts and increasing efficiency.

Real-time Monitoring: Track athlete performance in real-time, enabling coaches and recruiters to respond quickly to changes in performance or availability.

CONSEQUENCES OF NON-COMPLIANCE AND/OR DATA BREACH

The European Data Protection Board (EDPB) and NDPC as the regulatory authorities over GDPR and NDPA respectively have the mandate to monitor compliance and impose monetary fines on non-compliant AI sports startups (data controllers). Both laws also provide mechanisms for data subjects to lodge complaints.

While the GDPR stipulates fines up to 10 million Euros, or the 2% of the company’s global turnover of the preceding year, whichever is higher. The NDPA provides for a fine up to 10 million naira or 2% of annual gross revenue, whichever is higher.  

Beyond monetary penalties by the regulatory authorities, there is legal remedies like damages, in favour of data subjects in event of data breach; and loss of reputation and trust.

CONCLUSION

Essentially, the concept of personal data is broad and is designed to protect individuals’ privacy. Data protection principles and practices are fundamental to ensuring that personal data is handled responsibly and with transparency. By prioritizing data protection, AI-driven sports startups can avoid monetary penalties, minimize risk of expensive law suit, build trust with stake holders, and foster innovations.

To accomplish this, organizations must put compliance strategies into practice, ensuring alignment with applicable privacy laws and regulations.

Chinedum Mbagwu is a Partner at Bucklers, a boutique law firm focusing on technology startups and tax.

Picture of BucklersLF

BucklersLF

read more insights

Leave a Comment

Your email address will not be published. Required fields are marked *

Connect With Us

Facebook Youtube Instagram X-twitter

Most Popular

ABOUT US

Bucklers Law Firm

Bucklers Law Firm is a boutique law firm that provides, legal, regulatory compliance, technology and tax advisory

MENU Link

Contact Us

BUCKLERS LAW FIRM

  • 27, Kakawa Street, Off Broad Street,
    Lagos Island.
  • +2347037120174, 2349116388644
  • bucklerslawfirm@gmail.com
    info@bucklerslawfirm.com

© 2024 Bucklers Law Firm. All right reserved | Designed with ❤️ by Techlevels

Scroll to Top