I think we would all agree that the reputation of players’ agents, nowadays called intermediaries, has never been a good one for plenty of reasons. But the truth is their presence in the football industry is much needed and probably most of the transfers would never take place if these outcast members of the self-proclaimed football family were not there to ensure a fluid and smooth communication between all parties involved.

For us, sports lawyers, intermediaries are also important clients as they often need our advice to structure the deals in which they take part. One of the most recurrent situations faced by intermediaries and agents operating off-the-radar (i.e. not registered in any football association member of FIFA) is the risk of entering in a so-called multiparty or dual representation and the potential risks associated with such a situation.

The representation of the interests of multiple parties in football intermediation can take place for instance when the agent represents the selling club, the buying club and/or the player in the same transfer, or when the agent is remunerated by multiple parties, and in general when the agent incurs the risk of jeopardizing the trust deposited upon him/her by the principal. The situations are multiple and can manifest in different manners.

This article will briefly outline the regulatory framework regarding multiparty representation applicable to registered intermediaries. It will then focus on provisions of Swiss law and the identification of the limits of dual representation in the light of the CAS jurisprudence and some relevant decisions of the Swiss Federal Tribunal.

A)   Regulatory framework:

Those agents acting in the market as registered intermediaries will necessarily be subjected to the specific football regulations enacted by FIFA and the national associations in which they operate. The answer as to the possibility to represent more than one party to a deal will therefore, be necessarily found in internal rules of each association. 

As opposed to the obsolete FIFA Players’ Agent Regulations[1], the FIFA Regulations on Working with Intermediaries (RWWI) allow intermediaries to represent more than one party in a transaction. Pursuant to the definition of intermediary[2] in combination with Article 8 RWWI, the only substantive requirement to intermediaries willing to act for multiple parties is that they obtain prior written consent and confirmation in writing on which party (i.e. the player and/or the club) will remunerate the services of the intermediary. The regulations, therefore, prioritize transparency over the question of who pays for the services of the intermediary. Consequently, it is not forbidden for an intermediary to represent and be paid by multiple parties to a transaction, as long as they all know and agree to it in advance.  

At a national level, most FIFA member associations[3] have followed the solution adopted in the RWWI and have transposed ad literam the right of intermediaries to multiparty representation as long as the transparency and information requirements are met (i.e. any potential conflict of interest is disclosed to the parties in advance, and subject to the prior written consent of the parties to the transaction).

However, there are still many agents that prefer to operate off-the-radar of organized football and its regulations. For these ‘rogue’ agents, the scenario is different and the question of the legality of multiparty representation will ultimately depend on the applicable law chosen by the parties[4]. Based on my personal experience, off-the-radar agents often end up acting through very rudimentary authorizations subject to the ordinary jurisdiction of the CAS. For this reason, I chose to dissect in this paper the limits of multiparty representation according to Swiss law, for based on article XY of the CAS Code of Sports Arbitration it represents the applicable law to ordinary disputes before the CAS when parties fail to make a particular choice of law.

The provisions of the contract of brokerage (“contrat de courtage”) in Articles 412-418 of the Swiss Code of Obligations (CO) are of relevance in this regard. The cornerstone provision concerning conflict of interest is found in Article 415 CO[5] whose English translation reads as follows:

“Where the broker acts in the interests of a third party in breach of the contract or procures a promise of remuneration from such party in circumstances tantamount to bad faith, he forfeits his right to a fee and to any reimbursement of expenses”.

The article differentiates between two non-cumulative hypothetical situations where the broker (i.e. agent) may be in a position of conflict of interests.

• First: the broker “Acts in the interest of a third party in breach of the contract”.
• Second: the broker “Procures a promise of remuneration from such party in bad faith”.

The first hypothesis establishes the prohibition of the broker to act in the interest of a third party if the obligations towards his client are breached. Accordingly, an agent representing a player is prevented from assisting the players’ contracting club to negotiate the terms of his employment contract, as he would be defending irreconcilable interests (i.e. the interest of the club to pay the lowest salary possible v/ the interest of the player to obtain the highest possible salary). Conversely, the same agent could be hired by the club in a different transaction without incurring a conflict of interest with the player. The condition triggering this first hypothesis will be thus, whether the agent acting for the third party is in breach of his contractual obligations.

It is important to note that the published English translation of the CO differs slightly from the original text of the code[6]. While the English translation refers to the breach of the “contract”, the original French version refers instead to a breach of the “obligations” which has obviously a broader scope, covering a wider range of situations than a contract might include.

This linguistic difference can be misleading as the obligations emanating from the CO may go beyond the obligations set forth in a simple authorization or a brokerage contract. By way of example, think of a very simple “Authorization” that does not explicitly prohibit the agent of the player to simultaneously act for the club. Sticking to literal text of the English translation, one could be tempted to believe that the agent was not acting in breach of the contract. However, the same situation seen under the lens of the legal obligations would imply that the agent could still be infringing the obligation of loyalty and trust stemming from the CO.

In view of the above, a correct evaluation of the first hypothesis will necessarily account for the legal obligations inherent to the brokerage contract, the scope of which might go beyond the obligations stipulated in the contract. Amongst these, the obligation of loyalty, the obligation to safeguard the interest of the client by not entering into conflictive situations, and the obligation of transparency and information.

The second hypothesis covers the prohibition in Swiss law of dual representation by procuring a promise of payment from third parties to the relationship broker/principal, if such a promise amounts to bad faith.

It needs to be underlined that this provision does not exclude dual payment, but subjects it to a certain limit, i.e. not incurring in bad faith. Delineating bad faith can turn out to be a difficult task as the concept itself has an inevitable component of subjectivity and, as opposed to good faith which is legally presumed (cf. Article 3 of the Swiss Civil Code), bad faith must always be proven by the party claiming it, who ultimately bears the burden of proof[7]. 

Applied to football agents, it can be safely assumed that an agent acting in good faith towards his client would necessarily act in a transparent way and inform his client that he is simultaneously acting for the other contracting party. Not disclosing such information in the context of negotiations can serve as indication of bad faith when combined with other elements. However, to prove the presence of bad faith will still require sufficient material evidence in order to discharge the burden of proof, since the simple negligence of the broker would not be sufficient to fall under the scope of the article.

The consequence for a broker (i.e. football agent) infringing the prohibition of dual representation in he hypotheses described in article 415 CO is the nullity of the contract and the forfeiture of the right to be remunerated, or the obligation to reimburse the amounts received if the infringement is ascertained after the realization of the contract and payment of the fee (“quod nullum est nullum producit effectum”).  

With the above premises in mind, a detailed look into the CAS and the Swiss Federal Tribunal jurisprudence regarding Article 415 CO will help identifying the scope of the legal obligations of a football agent towards his client (i.e. club and/or player), as well as the mechanisms used by the decision-making bodies to determine the existence of bad faith.

B)   Jurisprudence:

One of the very few CAS cases dealing with Article 415 CO in the context of football agents' relationships with clubs is the CAS award  2012/A/2988 PFC CSKA Sofia v. Loic Bensaid.

In short, the dispute opposed the flagship Bulgarian football club CSKA Sofia against a French football agent and revolved around the right of the latter to be remunerated by the club, considering he had acted simultaneously in representation of the player in the signature of the employment contract.

One of the many arguments used by the club in support of its alleged right not to pay the agent was based on Article 415 CO. The club asserted that the agent acted in violation of his obligations for having represented both parties. On the merits, the Sole Arbitrator concluded, nevertheless, that the agent had fulfilled the obligations of transparency and information as the Club was aware at all times that the agent also acted for the player and knew about the existence of the representation contract with the player[8]. The full knowledge and acceptance of the situation impeded the club to contend, at a later stage, the violation of the duty of loyalty and transparency.

Secondly, adhering to the grounds of the supporting FIFA decision, the Sole Arbitrator also remarked that the mandate between the Agent and the player did not contain any obligation to remunerate the services of the agent. The prohibition of agents to be remunerated twice for their services has been traditionally a key element in previous FIFA decisions where dual representation was at the center of the dispute[9]. This fact possibly led the Sole Arbitrator to also highlight this circumstance when assessing the behavior of the agent. However, the Sole Arbitrator further stated that, even if the mandate would have provided for a remuneration in favor of the agent (quod non), Article 415 CO would still not have been violated as the club failed to discharge the burden of proof as to the existence of bad faith, reinforcing with it that dual representation is only forbidden to the extent the agent acts in bad faith[10].

This final remark of the Sole Arbitrator is crucial as it evidences, in my view, that whether the player and the agent agreed upon a remuneration, remains in the end irrelevant for the evaluation of a possible violation of Article 415 CO. Indeed, pursuant to the CAS arbitrator’s interpretation of the article, the agent can be remunerated twice, as it is the disregard of the obligations inherent to the contract and in particular for the second hypothesis acting in bad faith that determines compliance with Article 415 CO.

To better illustrate the irrelevance of the “double remuneration” discussion, think for a moment of a brokerage contract where there is no explicit reference to the remuneration. Does such a lacuna in the contract imply that the brokerage is necessarily, pro bono? The answer is no, for as a general rule, mandates given in the context of professional relationships are presumed to be lucrative (see Art. 394(3) CO). That is precisely the case of football agents when they contract with players or clubs. This circumstance renders the reference to a remuneration in the contract a secondary element, or at least not an essential one. The former FIFA PAR (Ed. 2008[11]) followed this ratio legis when explicitly providing for a default remuneration of 3% of the players’ basic income where the parties cannot agree on the remuneration.

Beyond the specific CAS awards, some decisions of the Swiss Tribunal Federal help getting the full perspective on dual representation in the context of disputes subject to Swiss law. Although these do not refer to football agents, the similarities that exist with real estate and/or corporate brokers allow to derive important conclusions that can be applied to football agents.

A first decision worth mentioning is no. 4A_214/2014 of 15 December 2014. The case concerned a classic real estate intermediation where the agent agreed a commission from both the seller and the buyer involved in the transaction. The agent also failed to inform the seller of the existence of a better buying offer from a third potential buyer. In this context, after concluding the deal, the buyer refused to pay the agent, invoking Article 415 CO.

This case is important because it reveals the existence of two types of brokerage contracts under Swiss law (i.e. “courtage de negotiation” and the “courtage d’indication”). Whereas in a brokerage of negotiation the broker is entrusted by his client to negotiate the conditions of the transaction, in a brokerage of indication, the broker is simply called to indicate the possibility to conclude a transaction, with no negotiation duties involved. Furthermore, according to the doctrine cited in the decision, both types of contract are treated differently under Article 415 CO.

In casu, the Federal Tribunal qualified the contracts signed by the agent with the buyer and the seller as “courtage de negotiation” as he was entrusted with conducting all aspects related to the transaction. The agent was required to obtain the best possible conditions for his clients (e.g. the best buying and selling price respectively) and this circumstance directly generated an irremediable conflict of interest (i.e. the negotiation was either benefitting the financial interests of seller or the buyer) infringing the obligation of loyalty inherent to the brokerage contracts with the parties.

All in all, the Federal Tribunal rejected the appeal submitted by the real estate agent and confirmed the nullity of both contracts for violating Article 415 CO. The Federal Tribunal followed a strict interpretation of Article 415 CO according to which “no one can serve two masters” and thus, dual representation would only be possible (if so) in simple intermediations where no negotiation from the broker is required[12], in other words in “courtage d’indication”. In addition, in this case the agent also acted in bad faith for failing to disclose the existence of a more favorable offer to the detriment of the seller.

The main lesson that can be learnt from this decision is that Article 415 CO must be interpreted restrictively and that it has to be distinguished between those intermediation contracts that imply an active involvement of the agent (i.e. the agent is contractually required to negotiate the terms of a transaction for the player and/or the club) and those contracts of intermediation where the agent is called to simply indicate the possible opportunity for his client to conclude a deal with no other involvement in the transaction. In this last case, dual representation could be allowed for there would be no conflict of interests, and therefore, no infringement of the obligations under the brokerage contract. The specific contractual clauses are therefore crucial as they ultimately reveal the extent of the role assumed by the agent.

The second important decision by the SFT is more recent, no. 4A_529/2015 of 4 March 2016. The factual background of this dispute is extremely complex. In brief, the case revolved around the selling and buying of the shares of a company exploiting a luxurious Hotel located in Switzerland. The seller and the broker entered into a negotiation brokerage contract whereby the latter was entrusted to find a buyer of the company against the payment of remuneration. The principal had to agree with the final potential buyer. In the end, it was proved that the broker misled the principal about the true identity of the final buyer (to whom the principal expressly refused to sell), with whom the broker had also agreed remuneration. On the basis of these facts, the principal refused to pay the broker. 

The Federal Tribunal confirmed again that Article 415 CO is always interpreted strictly, and considered that by allowing the banned buyer to indirectly acquire the company, the broker acted in the interest of a third party against the obligation of loyalty. What is most significant about this decision is that the court delimitates very clearly the scope of the obligation of loyalty. It is described as a double-edged sword, implying on the one side: a positive obligation consisting of actively safeguarding and defending the interest of the principal; and on the other side: a negative obligation, consisting of abstaining from any conduct that could harm the interests of the client.  

In particular, the fact that the principal had not objected to a previous e-mail sent by the broker where he expressly indicated that the potential buyer was “C or any company indicated by it” was also irrelevant for the principal could not expect in ‘good faith’ that the buyer would make use of this substitution prerogative in favor of the real buyer. The arguments of the broker according to which it was not important for the principal to know who the buyer was and that he suffered no damage, were also dismissed.   

Finally, the argument of the broker according to which the remuneration to be received from the buyer was agreed after the transaction took place was also irrelevant in the eyes of the court.

With these cases in mind, when applying the holding of the SFT above to football agents' professional relationships, it follows that the scope of the obligation of loyalty will be significantly wider for football agents entrusted with negotiations than for agents simply tasked with identifying possible opportunities to close a deal.

Likewise, in order to determine the existence of a violation of the obligations assumed by the agent, it will not be enough to demonstrate that there has been no threat to the interests of the client or that the agent has not actively engaged in a conduct against those interests. Indeed, a simple passive conduct with the potential of jeopardizing the interests of the principal, such as failing to disclose relevant information, can be sufficient to violate the obligation of loyalty and deprive the agent from the right to be remunerated.

To this effect, the correct identification of the interest pursued by the client will ultimately determine the infringement by the agent of his obligations under the representation contract. In the end, the agent will only violate his obligation of loyalty as long as his behavior damages the interests of his client. These interests will vary depending on whether the principal is a football club or a player. If a club is trying to transfer or recruit a player, the interests will in most cases be of a financial nature. If instead, the principal is a football player terminating or signing a contract with a club, he might have non-economic interests (e.g. willing to play in a different championship, lack of integration of the family in the country etc.). Furthermore, the moment in which the remuneration is agreed is not relevant to establish the violation of the obligation of loyalty.

In conclusion, the contract of representation and its clauses in combination with the particular circumstances of each case will be fundamental to establish compliance with Article 415 CO when multiple representation takes place.   Football agents pretending to be remunerated by both contracting parties simultaneously without risking to violate their obligations must either enter into simple brokerage contracts with no negotiation attributions, or, when acting through a negotiation brokerage, always inform all parties in complete transparency. 

[1] See Article 19.8 FIFA PAR.

[2] “Definition of an intermediary

A natural or legal person who, for a fee or free of charge, represents players and/or clubs in negotiations with a view to concluding an employment contract or represents clubs in negotiations with a view to concluding a transfer agreement.” [Emphasis added]

[3] Only the FFF (France), the RFU (RUSSIA), the BFU (Bulgaria) the JFA (Japan) have explicitly adopted stricter rules prohibiting any conflict of interest. See Comparative Table of “The FIFA Regulations on Working with Intermediaries Implementation at a national level” (Ed. Michele Colucci).

[4] E.g. Arbitrage TAS 2007/O/1310 Bruno Heiderscheid c. Franck Ribéry.

[5] See article R45 of the CAS Code (ed. 2017).

[6] Art. 415. III. Déchéance:

“Le courtier perd son droit au salaire et au remboursement de ses dépenses, s'il agit dans l'intérêt du tiers contractant au mépris de ses obligations, ou s'il se fait promettre par lui une rémunération dans des circonstances où les règles de la bonne foi s'y opposaient.”

https://www.admin.ch/opc/fr/classified-compilation/19110009/index.html

[7] See. Decision of the SFT 131 III 511 para. 3.2.2 of  http://relevancy.bger.ch/php/clir/http/index.php?highlight_docid=atf%3A%2F%2F131-III-511%3Ade&lang=de&type=show_document

[8] See para. 118.

[9] E.g. Decision of the Single Judge of the PSC of 12 January 2012: “12. In view of the above, the Single Judge formed the view that, although the Claimant appears to have represented the Respondent and the player in the same transaction, the documentary evidence contained in the file clearly demonstrates that the Claimant could not have possibly been remunerated twice for his services. Consequently, and in accordance with the general principles of bona fide and pacta sunt servanda the Single Judge decided that the Respondent must fulfill the obligation it voluntarily entered into with the Claimant by means of the representation agreement concluded between the parties, and therefore, the Respondent must pay the Claimant for the services he rendered in connection with the transfer of the player to the Respondent.”

[10] See also para. 118.

[11] See i.c. article 20 para. 4 FIFA PAR (ed. 2008).

[12] See para. 1.1.3 of the SFT decision. An example of a courtage d’indication would be the brokerage of insurances, where the broker, acting for the policy-holder, is paid instead, by the insurance company.

Editor's Note: Marjolaine is a researcher and attorney admitted to the Geneva bar (Switzerland) who specialises in sports and life sciences. Her interests focus on interdisciplinary approaches as a way of designing effective solutions in the field of anti-doping and other science-based domains. Her book “Evidence in Anti-Doping at the Intersection of Science & Law” was published through T.M.C Asser Press / Springer in late 2015. She participates as a co-author on a project hosted by the University of Neuchâtel to produce the first article-by-article legal commentary of the 2021 World Anti-Doping Code. In her practice, she regularly advises international federations and other sports organisations on doping and other regulatory matters, in particular on aspects of scientific evidence, privacy or research regulation. She also has experience assisting clients in arbitration proceedings before the Court of Arbitration for Sport or other sport tribunals.

Since the spectre of the EU General Data Protection Regulation (‘GDPR’) has loomed over the sports sector,[1] a new wind seems to be blowing on anti-doping, with a palpable growing interest for stakes involved in data processing. Nothing that would quite qualify as a wind of change yet, but a gentle breeze of awareness at the very least.

Though the GDPR does mention the fight against doping in sport as a potential matter of public health in its recitals,[2] EU authorities have not gone so far as to create a standalone ground on which anti-doping organisations could rely to legitimise their data processing. Whether or not anti-doping organisations have a basis to process personal data – and specifically sensitive data – as part of their anti-doping activities, thus remains dependent on the peculiarities of each national law. Even anti-doping organisations that are incorporated outside the EU are affected to the extent they process data about athletes in the EU.[3] This includes international sports federations, many of which are organised as private associations under Swiss law. Moreover, the Swiss Data Protection Act (‘DPA’) is currently under review, and the revised legal framework should largely mirror the GDPR, subject to a few Swiss peculiarities. All anti-doping organisations undertake at a minimum to abide by the WADA International Standard for Privacy and the Protection of Personal Information (‘ISPPPI’), which has been adapted with effect to 1 June 2018 and enshrines requirements similar to those of the GDPR. However, the ISPPPI stops short of actually referring to the GDPR and leaves discretion for anti-doping organisations to adapt to other legislative environments.

The purpose of this blog is not to offer a detailed analysis of the requirements that anti-doping organisations must abide by under data protection laws, but to highlight how issues around data processing have come to crystallise key challenges that anti-doping organisations face globally. Some of these challenges have been on the table since the adoption of the first edition of the World Anti-Doping Code (‘WADC’) but are now exposed in the unforgiving light of data protection requirements.

Who is who and who does what?

It is hardly a scoop for those familiar with the World Anti-Doping Program to state that its structures are complex, relying on an intricate network of private entities as well as public (or quasi-public) agencies, each subject to their own applicable laws. The World Anti-Doping Program has always struggled with reconciling its objectives of global harmonisation with the sovereignty and diversity of national laws. National Anti-Doping Organisations (‘NADO’s) operate at the national level; they are in charge of doping issues across all sports in one country and are endowed with more or less extensive enforcement powers depending on their country’s regulatory approach to the sport sector. By contrast, international federations claim exclusive governance over one sport worldwide, uniformly and without regard to national borders but have to do so with the instruments available to private entities based on contractual or similar tools of private autonomy.

Over time, the WADC has been repeatedly updated to strike a balance between the two (national versus international) spheres and avoid positive or negative conflicts of competence. Provisions seek to clarify attributions in areas where international- and national-level competences collide, such as roles in Therapeutic Use Exemption (‘TUE’) management, testing authority, or results management responsibilities.[4] Even as it is, there is no safeguard to prevent disputes from arising about the proper authority to investigate and initiate proceedings for doping.[5]

Data processing activities are not exempted from the difficulties that accompany the complexity of anti-doping. If anything, these difficulties are rather exacerbated by data protection laws. In particular, the GDPR seeks to create a framework within which data subjects can easily recognise when data is being processed about them, by whom and to what aim(s), and whom to turn to in order to exercise their rights. This forces anti-doping organisations to be precise and unambiguous about their respective roles and attributions among themselves and chiefly towards the data subjects, the athletes subject to doping control.

The GDPR draws a distinction between two major categories of entities that process personal data: an entity can be characterised either as a data ‘controller’, or as a data ‘processor’. A controller is defined as an entity which “alone or jointly with others, determines the purposes and means of the processing of personal data”. A processor is an entity “which processes personal data on behalf of” a controller.[6]

The distinction may seem rather straightforward at first sight: the controller has a personal or commercial interest in the data processing and decides which data to collect, from whom, and through what means. At the other end of the spectrum, a ‘typical’ processor receives documented instructions from a controller and merely implements these instructions with no autonomy of decision or an autonomy limited to technical issues and logistics. However, interrelationships are often much more subtle in reality with considerable room for borderline situations: multiple controllers may need to agree on their (joint) controllership of the data while operating alongside entities that may act in part as processors, in part as controllers of their own right for different aspects of the data processing.[7]

In anti-doping, more than half a dozen entities may be involved in a routine doping control activity, between test planning and the outcome of a disciplinary process. All of these will either collect or gain access to athlete data, including sensitive data, as illustrated by the following: an international federation decides to conduct blood testing on an athlete from its registered testing pool but delegates sample collection to the NADO of the country in which the athlete is currently residing. To do so, the NADO has access to the athlete’s whereabouts filings through the ADAMS database, managed by the World Anti-Doping Agency (‘WADA’). The NADO itself carries out sample collection through a private service provider with its dedicated blood control officers and decides to use the opportunity to order, in addition, the collection of urine samples from the athlete. Upon sampling, the athlete is asked to fill in the doping control form in front of the doping control personnel, which includes disclosing several ongoing medication courses in the dedicated box. Samples are then transported, in a de-identified (‘coded’) form, by private courier from the country of collection to the international federation’s usual WADA-accredited laboratory in a different country.

Assuming the laboratory reports an adverse analytical finding in the blood sample, the international federation requests a full documentation package from the laboratory and verifies whether a Therapeutic Use Exemption on the record could be related to the adverse analytical finding. Upon notification of the results and public announcement of the immediate provisional suspension, the athlete requests the analysis of the B sample, thereby de facto lifting the code on the A sample where the laboratory is concerned. The athlete submits a series of explanations regarding the possible causes for the adverse analytical finding, including a report from his treating physician regarding a medical condition that might account for the findings. The international federation may send the laboratory documentation package and athlete explanations to external experts for additional input and then hands over the file to its external anti-doping tribunal members. Most data will at some point have to pass through the ADAMS database and be stored within that database for up to ten years. However, it may also be communicated by other (electronic or physical) means among anti-doping organisations and their service providers and experts.

Once the disciplinary decision is issued, its main elements are publicly disclosed by the international federation on its website, and the decision shared with WADA and any NADO having jurisdiction over the athlete. The NADO further decides to send the negative urine sample for long-term storage and possible reanalysis to the WADA-accredited laboratory that provides its storage facilities.

The above description represents an imaginary but ultimately rather standard situation for anti-doping organisations. It does not seem too far-fetched to identify that the international federation at the very least acts as a controller of the athlete data processed. However, a NADO who receives instructions to collect samples and also decides to collect additional data (and additional biological materials) on its own and for its own purposes, potentially acts as both a processor and controller depending on the data at stake. A number of processors and sub-processors are involved in the process as service providers, while the qualification of external experts may have to be assessed on a case-by-case basis. WADA offers the ADAMS database as an IT infrastructure for data storage and sharing for the international federation and NADO but also uses the data to fulfil its own obligations and purposes under the WADC, such as exercising its appeal rights or verifying compliance of the anti-doping organisations with their duties. Arguably, at the very least there will be three controllers of data (international federation, NADO, and WADA) in addition to multiple processors and sub-processors.

Characterising the role of each entity as a ‘controller’ or as a ‘processor’ is far from being of academic interest only. The two types of entities have distinct responsibilities and requirements for lawful processing. Appropriate contractual arrangements need to be set up among the entities involved, and data subjects must be informed of these in a comprehensible manner allowing them to exercise their rights. Controllers have primary responsibility for dealing with data subject requests and responding to supervisory authorities and have a more extensive scope of liability across the entire scope of data processing. By contrast, processors are, in essence, only liable for their own processing activities and merely undertake to support the controllers in their obligations towards data subjects and authorities.[8]

There is one other important difference that carries special significance in the context of anti-doping: a processor who acts under instructions can rely on the processing contract with the controller responsible for the data as a lawful basis for processing.[9] By contrast, if two or more parties qualify as controllers in their own right, each controller needs to secure its individual lawful basis with respect to the data subjects. The requirement of lawful processing is entwined with the discussion around the validity of ‘consent’ to anti-doping regulations.

Lawful basis and problematic character of consent

Processing of personal data under the GDRP requires a lawful basis. As relevant to our topic, three types of legitimising grounds co-exist: i.) grounds rooted in private autonomy (consent or necessity for performance of a contract with the data subject), ii.) grounds relying on public interest or overriding interests of the controller (e.g. pursuing a legal claim), or iii.) a specific basis in Union or national law, e.g. for performance of a substantial public interest or public health task.[10] Not all grounds enter into consideration for every category of data; special categories of data – also known as ‘sensitive’ data under the DPA – have a more limited number of valid processing grounds.[11] Obviously, a major part of data processed as part of doping control qualifies as sensitive data as it relates to health,[12] including the data gathered through analysis of doping control samples or collected as part of TUE applications.

The traditional way for international sports organisations to impose their rules on their ultimate addressees, i.e., the individual athletes, has been through contract, quasi-contractual chains of submission, or other instruments involving a declaration of consent. The validity of consent on the part of those who submit to anti-doping regulations is a recurring matter for debate, in particular as its informed and voluntary character is generally described at best as limited and more frequently as purely illusory. The issue has been scrutinised in particular with respect to submission to proceedings before the Court of Arbitration for Sport (‘CAS’),[13] which the WADC imposes as a legal remedy in international doping disputes. While acknowledging the ‘constrained’ nature of the athlete’s consent, the Swiss Supreme Court accepts the validity of arbitration clauses in sports regulations in the name of the needs for swift and competent resolution of sport disputes. It has, however, imposed certain limits on the extent to which an athlete can entrust their fate to the sports resolution system. As decided in the Cañas v. ATP case, an athlete cannot validly waive in advance the right to challenge the CAS award in front of the Supreme Court in disciplinary matters.[14] In Pechstein v. Switzerland, the European Court of Human Rights (‘ECtHR’) was asked to discuss the status of an arbitration clause in the context of doping proceedings. It reached the same conclusion that the only choice offered to the athlete was either to accept the clause in order to be able to make a living by practising her sport at a professional level or to refuse it and completely give up on practising at such level. As a result of this restriction on the athlete’s professional life, it was not possible to argue that she accepted the clause ‘in a free and unequivocal manner’.[15]

In both cases, the findings were ultimately of little consequence for the sports sector. The Swiss Supreme Court only reviews CAS awards through an extremely narrow lens so that the power to set strategic jurisprudence in sports matters remains with the CAS panels, whether or not athletes retain their rights to challenge the award. Similarly, in the Claudia Pechstein matter, the only shortcoming found in the ruling was the lack of an option for a public hearing in CAS proceedings. Absence of genuine consent has thus been – expressly or implicitly – compensated for by courts through procedural safeguards, in an effort to ensure that athletes still benefit overall from a system of justice broadly compliant with Article 6 of the European Convention on Human Rights.

Data protection issues create a greater challenge here, since the GDPR explicitly requires consent to be ‘freely given’, in addition to being informed.[16] The same is true under the Swiss DPA.[17] The GDPR does not accommodate compensatory mechanisms to account for the ‘fictional’ character of consent in the sports context: consent that is not optional is not free, and consent that is not free is not valid. Importantly, free consent also presupposes that consent can be withdrawn at any time as easily as it was given and without significant detrimental consequences for the data subject.[18]

I will not delve here into how anti-doping organisations can fulfil the requirement of ‘informed consent’, which as per the GDPR requires “intelligible and easily accessible form, using clear and plain language”.[19] The template information notices (here and here) proposed by WADA currently in effect inform athletes, in essence, that their data may be processed based on various legal grounds, may be accessed by various entities around the world according to various data protections laws, which may offer them various levels of protection, and that they may have various rights and obligations under these laws. It is questionable whether explanations in this form would satisfy the requirements for informed consent. Still, adequate information appears at least achievable with appropriate and individualised legal drafting supported by a data protection specialist. The question of free consent is a much more delicate one since it is not in the hands of anti-doping organisations to give athletes a genuine choice in this respect.

In spite of the potential financial implications, one could argue that consent is freely given where the athlete can choose at any time to withdraw consent to data processing, with the sole consequence of losing the benefit of the services attached to the ‘contractual’ relationship with their sports authorities, i.e. the right to participate in sports competitions. This would, for example, suppose that an athlete notified of a testing attempt could elect to either submit or instead declare immediate retirement from sport without any further consequences. Under the current rules, however, such withdrawal of consent would trigger disciplinary sanctions, which may include ineligibility or fines depending on the sport, and in any event, will have a significant impact on the athlete’s reputation. The templates proposed by WADA explicitly warn athletes about these consequences, as well as the fact that anti-doping organisations may retain and continue processing their data in spite of any withdrawal (see here and here). In fact, the WADC provides that the results management and disciplinary process may be initiated or may continue in spite of the athlete announcing their retirement from sport.[20]

To this day, one is still awaiting a realistic proposal that would allow consent to anti-doping regulations to be genuinely freely given. Most stakeholders would agree that there is no viable manner of making compliance with anti-doping rules optional for athletes without undermining the very notion of a level playing field.[21] Unlike the relatively benign implications that lack of genuine consent had for the sport dispute resolution system so far, the impossibility of creating the prerequisites for free consent to anti-doping regulations is far more consequential in the data protection context. Indeed, it precludes reliance on consent as a reliable lawful basis that can be used globally by international sports governing bodies to secure the lawfulness of their data processing. This is the case unless courts would be willing to go against the explicit wording of data protection laws and tolerate ‘forced’ consent as a lawful basis in the context of sport.

As the Swiss Federal Council noted in their official communication on the Swiss Sport Act, the questionable validity of athlete consent makes it necessary to create express legal provisions authorising anti-doping organisations to collect and process personal data for anti-doping purposes.[22] Under the GDPR, processing sensitive data relying on an interest of substantial public or public health interest equally requires a legal basis in EU or relevant national law of a member state. Without intervention of national lawmakers to recognise anti-doping as a matter of ‘substantial public interest’ or ‘public health’ interest and identify those entities that are entitled by law to process data together with an appropriate description of the admissible scope and purposes for such processing, sports organisations will continue to rest on shaky ground when it comes to data processing and in particular processing of sensitive data.

Proportionality of treatment

The issue of proportionality is relevant for almost any component of an anti-doping system. It is recognised by CAS panels and courts as an internationally accepted standard,[23] as part of the assessment for deciding whether an encroachment upon individual freedoms is justifiable and justified in any given case. Proportionality is frequently debated in connection with the severity of the disciplinary sanctions set forth in the WADC,[24] but it is also a test that every other aspect of the regulation must stand up to.[25]

An important limb of the proportionality test is the ‘necessity’ of a measure having regard to the rights affected. This aspect was recently addressed by the European Court for Human Rights in the context of French legislation on the whereabouts regime applicable to professional athletes and its compatibility with privacy: “the general‑interest considerations that make them necessary are particularly important and, in the Court’s view, justify the restrictions on the applicants’ rights under Article 8 of the Convention. Reducing or removing the requirements of which the applicants complain would be liable to increase the dangers of doping to their health and that of the entire sporting community, and would run counter to the European and international consensus on the need for unannounced testing.”[26] The ECtHR conducted its assessment with respect to the right to privacy under Article 8 of the European Convention on Human Rights without having regard to specific data protection provisions.

The requirement of proportionality is a pillar of data protection in all its aspects, from the decision to collect the data to its retention. It is enshrined both in the GDPR and in the DPA[27] and is notably also highlighted in the WADA ISPPPI.[28] Concerns about proportionality of the anti-doping system were expressed by EU data protection advisory authorities as early as 2008,[29] and numerous exchanges with WADA have ensued.[30] Various adjustments have been made to the ISPPPI since then with a significant review to adapt the ISPPPI to the GDPR requirements, and a new set of WADA Guidelines adopted in 2018.

Still, the threats on proportionality are bound to be ubiquitous in a context where standardisation is a guiding principle of regulation. For example, the ISPPPI (Annex A) enshrines retention times based on different categories of data (TUE, samples, whereabouts, etc.), but with only two different retention periods overall: 18 months (newly being reconsidered in the draft revised version as 12 months) or 10 years. These have been criticised again in the ongoing stakeholder consultation process as being insufficiently differentiated to be adequate.[31] Indeed, while a column in the Annex formally indicates for each category that the retention time has been chosen based on “necessity” or “proportionality” criteria, Annex A states in limine that the limitation to two retention periods is “for practical reasons”. These justifications cannot be easily reconciled. To properly account for proportionality, anti-doping organisations would need to conduct their own assessment in a more individualised fashion, adapted to their athlete pool and sport. However, as in many other domains of doping control, one wonders how many of them will have the resources, competences and willingness to look beyond WADA prescriptions. Also, since most of the data must be processed through the ADAMS database managed by WADA, anti-doping organisations may have limited effective power over the set-up of the data deletion process.

The proportionality principle is also connected to another fundamental requirement, which is that data processing must remain within the ‘purpose’ defined (‘purpose limitation’ principle). The ISPPPI contains a list of purposes for which anti-doping organisations may process data. However, the ISPPPI gives anti-doping organisations an option to decide to process data for other purposes related to the fight against doping, provided they carry out a documented assessment. The WADA Guidelines propose a template for ‘new purpose assessment’, and indicate that such new purpose could encompass purposes that were not contemplated in the WADC nor perhaps could even be envisaged at the time of collection. The draft revised ISPPPI seems to go even further down this line: “In certain contexts, it may be appropriate or necessary for Anti-Doping Organizations/WADA to Process Personal Information for additional purposes, […] besides those already permitted or required by the Code, the International Standard or expressly required by law, in order to engage effectively in the fight against doping”.[32] It is unclear how this assessment is to be effectively implemented especially for sensitive data, be it under the assumption of a consensual basis or of one based on national law recognising substantial public interests for anti-doping activities. In both cases, if the actual purposes for which the data may be used are in limbo awaiting potential reassessment for ‘new’ purposes, it is questionable whether informed consent or a sufficiently predictable legal basis respectively could even be created.[33]

As the claims for more ‘evidence-based’ approaches and stronger monitoring of anti-doping programs grow louder, more thought could be spent on proportionality and purpose limitation of data processing in anti-doping. Most of the discussion so far has revolved around the intrusiveness of the whereabouts requirements. Whereabouts information, however, is only collected from a limited number of high-profile athletes (i.e., those included within a registered testing pool) and is only a fraction of the data collected as part of anti-doping programs. In the FNASS et al. v. France ruling, the ECtHR essentially relied on the pleas of the anti-doping movement and governments to find that the fight against doping pursues a public health interest and implements it in a proportionate way. In doing so, the ECtHR seems to perpetuate a tendency of CAS and other courts to take policy documents and consensus statements - whether enshrined or not in international law instruments such as the UNESCO Convention against Doping in Sport - as proof of the reality of the claims they contain[34] without requiring much supporting evidence. In many instances, this is technically justified by placing on the contesting party the burden of demonstrating any lack of proportionality.[35] On a higher level, however, it tends to create a presumption that any doubt must benefit the cause of anti-doping.[36] This may lead to self-perpetuating policy biases based on circular reasoning by justifying new measures through previous, unverified claims.

Data protection laws, with their detailed requirements and descriptions of data subject rights, may offer a foundation for a more granular analysis than general human rights provisions under the undetermined heading of ‘privacy’. Opportunities for legal analysis may still be hindered by the fact that an argument related to data protection is hard to build into a defence when athletes – or their counsel – would typically start seriously thinking about these issues only once they become subject to investigations or discipline for a potential breach of the anti-doping rules. CAS panels have been rather generous in admitting evidence unlawfully obtained against individuals charged in disciplinary proceedings.[37] It could thus prove extremely difficult – perhaps even counter-productive as a defence strategy – for an athlete to object to the admissibility of doping control data obtained in breach of data protection laws, in particular when the objection relates to a breach that leaves as much discretion to the panel as proportionality of data collection or retention. CAS panels have repeatedly recognised the fight against doping as an interest that overrides individual freedoms without carrying out much of an individualised balance of the interests at stake. [38]  More promising impetus could come from a random athlete seeking advice from supervisory authorities through the avenues offered by his or her national data protection laws prior to exposure to a positive test or other disciplinary action. Unfortunately, much like consumers, athletes often seem to show little interest in their privacy until they are confronted with some tangible detrimental consequences.

A true plague or a real opportunity?

Some may view recent developments in data protection laws as just another headache for sports governing bodies and deplore the advent of a new hurdle for anti-doping organisations who aspire to take their tasks under the World Anti-Doping Program seriously. Anti-doping organisations advocate that they are carrying out a mission of public interest. As we have seen, this view has been supported by various bodies and courts around the world and is also reflected in the UNESCO Convention against Doping in Sport. However, the GDPR does not regard public interest as an absolute basis for all data processing; in particular, sensitive data cannot be processed on the sole basis of an alleged public interest unless such public interest is substantial or related to public health, and its modalities are set out in national or EU law.

In a time where the credibility of existing structures and procedures within anti-doping authorities is questioned, the challenge arising from data protection standards can also be perceived as an opportunity for the anti-doping system. The ISPPPI and related WADA Guidelines, unfortunately, do not purport to provide solutions to the various crucial challenge set out above but merely invite anti-doping organisations to act in accordance with their applicable data protection laws. They give little guidance on how this is to be achieved in the event that these laws conflict with their duties under the WADC.

Developments in data protection force anti-doping organisations to look at their structures, legal status and their relationships with other organisations within the system. These developments should also have the effect of prompting national legislators to take measures more supportive of anti-doping policies in this domain, and in particular by making sure that sports governing bodies benefit from an appropriate legal basis for processing data, including sensitive data. Given that the very purpose of the WADC is to harmonise the regulation of doping in sport worldwide and that this objective is routinely invoked to justify restrictions on athlete rights, it would seem somewhat counterintuitive not to afford all athletes the same level of protection where their data is concerned. If there is truly a general international consensus on the legitimacy of the fight against doping and this consensus is supported by the State parties to the UNESCO Convention, those States, at a minimum, must be willing to give anti-doping organisations the means to carry out their tasks in a legally sustainable manner, unless and until these States are ready to engage in a fundamental overhaul of the current system.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The GDPR started to apply on 25 May 2018. In theory, all entities conducting data processing activities within the scope of the GDPR ought to have secured compliance as of this effective date.

[2] Recital 112 refers to requirements for cross-border data transfers and provides: “Those derogations should in particular apply to data transfers required and necessary […] for public health, for example […] in order to reduce and/or eliminate doping in sport”.

[3] Article 3 para. 2 of the GDPR regarding territorial scope of application.

[4] See Articles 4.4 of the WADC for TUEs, 5.2 for testing, and 7.1 for results management.

[5] See e.g. CAS 2014/A/3598, 3599 & 3618, in which the authority of USADA to initiate proceedings against Johan Bruyneel and others was challenged.

[6] Article 4 (Definitions) of the GDPR. Note that a processor within the meaning of the GDPR may itself choose to delegate part of its activities to a sub-processor, if and to the extent authorised by the controller.

[7] See the guidance and examples given by the UK Information Commissioner’s Office.

[8] See Chapter IV of the GDPR.

[9] Article 28 para. 3 of the GDPR.

[10] Article 6 of the GDPR.

[11] Article 9 of the GDPR.

[12] Article 9 para. 1 of the GDPR; Article 3 lit. c of the DPA.

[13] See e.g. Duval A (2017) Not in My Name! Claudia Pechstein and the Post-Consensual Foundations of the Court of Arbitration for Sport, Max Planck Institute for Comparative Public Law & International Law (MPIL) Research Paper No. 2017-01; Rigozzi A & Robert-Tissot F (2015) "Consent" in Sports Arbitration: Its Multiple Aspects. In: Geisinger & Trabaldo-De Mestral (eds) Sports Arbitration: A Coach for Other Players? ASA Series 41, Jurisnet NY, pp 59-95;

[14] Swiss Supreme Court Decision, 4P.172/2006, 22 March 2007.

[15] ECtHR Decision 22 October 2018, Mutu & Pechstein v. Switzerland, no 40575/10 et 67474/10, para. 114.

[16] Article 4 (Definitions) of the GDPR.

[17] Article 4 para. 5 of the DPA.

[18] Article 7 para. 3 of the GDPR.

[19] Article 7 para. 2 of the GDPR.

[20] Article 7.11 of the WADC.

[21] Though it is often debated to what extent exactly the performance enhancing effect of individual prohibited substances and methods is established. Heuberger J, Cohen A (2018) Review of WADA Prohibited Substances: Limited Evidence for Performance-Enhancing Effects. Sports Med. 2019; 49(4): 525–539.

[22] Message du Conseil fédéral du 11 nov. 2009, FF 09.082, pp 7450/7451 : « Aujourd’hui, les contrôles antidopage relevant du sport de droit privé reposent sur une déclaration de consentement du sportif. Cette déclaration doit être librement consentie. Or, cette liberté n’est pas garantie, dans la mesure où le refus de donner son consentement peut entraîner l’exclusion de la manifestation ou la perte de la licence ».

[23] CAS 2005/C/976 & 986, FIFA & WADA, para. 138 ; CJEU decision Meca-Medina & Majcen v. Commission (C-519/04).

[24] A recent example: CAS 2018/A/5546, Guerrero v. FIFA, CAS 2018/A/5571, WADA v. FIFA & Guerrero, paras 85 et seq.; Legal Opinion by Jean-Paul Costa on the 2015 revision of the WADC.

[25] Viret (2016), Evidence in Anti-Doping at the Intersection of Science & Law, T.M.C Asser, p. 133; Since its 2015 version, the WADC has included an explicit reference to proportionality as one of the key considerations underlying its drafting. See introductory section “Purpose, Scope and Organization of the World Anti-Doping Program and the Code”.

[26]ECtHR, FNASS et al. v. France (48151/11 and 77769/13), para. 191.

[27] Article 5(1)(c) of the GDPR, whereas the data must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)”.

[28] Section 5.0 ISPPI “Processing Relevant and Proportionate Personal Information”.

[29] Art. 29 Working Party, now replaced by the European Data Protection Board under the GDPR.

[30] See collection of legal documents on WADA website.

[31] Comment to revised ISPPPI by NADA Germany, ad Annex Retention Times.

[32] Comment ad Article 5.3(d) draft ISPPPI.

[33] The EU Commission warns that extension of purpose is not possible where processing was based on consent or a provision of law without renewing the consent or creating a new legal basis.

[34] See e.g. preamble of the UNESCO Convention “Concerned by the use of doping by athletes in sport and the consequences thereof for their health, the principle of fair play, the elimination of cheating and the future of sport”.

[35] See already in CJEU decision Meca-Medina & Majcen v. Commission (C-519/04) regarding the proportionality of threshold levels.

[36] Maisonneuve Mathieu, La CEDH et les obligations de localisation des sportifs : le doute profite à la conventionnalité de la lutte contre le dopage, note sous CEDH, 5^e sect., 18 January 2018, Fédération nationale des associations et des syndicats sportifs (FNASS) et autres c. France, req. Nos 48151/11 et 77769/13. Journal d’actualité des droits européenes, Centre de recherches et de documentation européennes et internationales, 2018.

[37] CAS 2016/A/4487, IAAF v. Melnikov, para. 108.

[38] CAS 2009/A/1879, Valverde v. CONI, para. 139.