28 May 2014
The Edinburgh Marathon’s organisers have for the first time declined to publish a list of all names and finishing times of competitors, other than the top three runners in each category. Many runners have expressed their disappointment that friends and family can’t view results. Some have threatened to boycott the event next year. Press reports have, predictably, speculated as to “data protection” concerns. So is data protection a concern? We don’t think so.
Link to the article in the Edinburgh Evening News: 'Edinburgh Marathon runners slam missing data'.
The amount of information published in road race results is normally limited to name, race number and time. It is not information of which publication is likely to infringe someone’s privacy or breach the data protection principles, in our view. Participants have also willingly submitted to entering a public race. Most runners expect their results to be published. Many want them to be published. Runners, friends, families and sponsors enjoy viewing the full results list to find out where the runner finished, or where their friends, families and team members finished. Consent to this information being made public is implicit at the time of entry in our view. Even if it wasn’t, we think race organisers could easily justify publication of a full list of race results as being a “legitimate business interest pursued by” the organiser of a marathon. If race organisers are concerned about “data protection” as the press seems to think, they could easily add a box to the on-line entry form, allowing participants to opt out from the published lists. A blanket withholding of the results in our view is heavy handed. Countless comparable events in Scotland and elsewhere have published full results lists on line for years and sent out paper copies in the pre-internet era, as one of our authors can testify....
The Information Commissioner has repeatedly stated that there is nothing in principle wrong with data sharing. We can’t imagine he has any difficulty with publication of such basic details as an entrant’s name, number and race time. It is hardly the obvious toolkit for identity fraud: (“New passport, sir? Do you have your marathon time and race number handy?”). There is also no chance in our opinion of any entrant asserting the necessary “likelihood of substantial damage or distress” from publication of basic race information that everyone expects to see.
All the members of the BTO Data Protection Defence Team participated in the 2014 Edinburgh Half Marathon and Marathon Relay to raise funds for a cancer charity. But you won’t be able to find out our times because unfortunately none of us finished in the top three!
Contact: Paul Motion at BTO Data Protection Team.