CAS judgement: UEFA ban overturned, City exonerated (report out p603)

Cobwebcat said:
Is it just me that doesn't care if this never come out?

Let's say the full document is 99% in our favour (I can't see it being more than 80%)

Let's also say that in that 99% all sorts of negative information is released about UEFA.

One of two things will happen (because we have already seen the first of these)

1. The 1% will he the headlines and it will be open season on us AGAIN. Football is tribal and the truth will just be dismissed.

2. The clubs vying for even more power WITHIN UEFA (not lobbying) will say UEFA are not fit for purpose and they will gain greater control of the governing body.

The other point to make is that, as Soriano says, UEFA is split between the neutral old guard and the self interested new guard that joined from the ECA under the threat of a breakaway league. It looks to me that City would like to work with the old guard and get rid of the threat within UEFA.

I can't see any positives from the full release. I'd be happy to take the win and move on. I suspect City think the same.
Click to expand...

A lot of good points there.
 
SilverFox2 said:
Thanks.Stefan.

Whilst it is a Court of Arbitration I find it surprising that they allow any request for redaction of the detail of their findings.
In other words criticism of their reasoning to arrive at their conclusion.
As you possibly infer, City have the original version so. will likely ensure any revision sent for approval does not significantly affect our position.
Thanks again for your view.
Click to expand...
I think it's commercially sensitive data that's subject to redaction, and of course CAS have the final say in what gets released.

They'll definitely redact the costs section as no lawyer wants those details out...
 
Centurions said:
Well it's gone 4:30 over there so looks like another day to wait at least.
Click to expand...
They have released things as late as 6.30pm Swiss time, but I think I'm going to start operating on the assumption we will hear about the report coming out from journalists a day or so before it actually does.
 
Centurions said:
I think it's commercially sensitive data that's subject to redaction, and of course CAS have the final say in what gets released.

They'll definitely redact the costs section as no lawyer wants those details out...
Click to expand...

That's all stuff CAS would have redacted on their own before even giving the to-be-released copies to the clubs.

The full awards are mostly made up of a breakdown of the arguments and the CAS judges verdicts/opinions of them. I have assumed that UEFA would be fighting over keeping some of their or City's arguments out of the report because they show up UEFA's bad faith in the investigation, or some critical commentary on the judges side.
 
domalino said:
That's all stuff CAS would have redacted on their own before even giving the to-be-released copies to the clubs.

The full awards are mostly made up of a breakdown of the arguments and the CAS judges verdicts/opinions of them. I have assumed that UEFA would be fighting over keeping some of their or City's arguments out of the report because they show up UEFA's bad faith in the investigation, or some critical commentary on the judges side.
Click to expand...
Maybe although I'd have hoped neither side had that option. That said, the bit about 'no equity injection' in capital letters in the original award letter sounded like a City request to my mind.
 
Moebius said:
Man city would still be the "controller" of the data in question even if it was hosted by a third party, so therefore would be liable for any breaches, this is why companies need to do Data Privacy Impact assessments under DPA2018 where the data stored could hold special category data. (ie. medical information) Under the DPA the controller of the data must make sure the data is secure and safe, this also extends to people that process the data on the controllers behalf. This is why companies have password policies where users must change their password every x days/weeks/months so even if a password was breached unknowingly, it would be changed at some point.
Click to expand...
My understanding is that Scout7 incorporates a pre-populated database, which the supplier would therefore be the data controller of. But there is the facility to put in your own data, which City would be the controller of, as you rightly say. It's then up to City, as controller, to ensure the 3rd party is compliant.

But the question is, what's "compliant"? I'm sure that only allowing access to authorised users, which is what effectively happened, wouldn't fall foul of GDPR I suspect. Had City failed to remove the access credentials of departing staff then they would certainly be at fault. But you have to understand that this was a deliberate and probably pre-meditated action as aprt of a wider intrusion, not some opportunistic, one-off incident. This was the tip of the iceberg, which is what I've been alluding to all along. I simply don't believe it stopped with the settlement, just carried on but slightly differently.
 
Centurions said:
I think it's commercially sensitive data that's subject to redaction, and of course CAS have the final say in what gets released.

They'll definitely redact the costs section as no lawyer wants those details out...
Click to expand...
Shame...as from the initial report we were completely exhonerated, and the evidence put by UEFA was incredibly flimsy and by the sound of it unsubstantiated - it would be nice to see how much they spent on backing a 'hit n hope'.

I want to see the report, even if 1% is negative to City, the overwhelming would be positive and demolishing of UEFA's standpoint.
I'd like to see laid out, the trust we placed in the heirachy, and the belief they had in the facts.
As for what others think, well, it doesn't really matter, as they won't generally change their position on anything related to City.
But we can point to the clear and undoubtable facts, and if they still don't shift their position (grudgingly or otherwise), then they aren't worth it.
 
Prestwich_Blue said:
My understanding is that Scout7 incorporates a pre-populated database, which the supplier would therefore be the data controller of. But there is the facility to put in your own data, which City would be the controller of, as you rightly say. It's then up to City, as controller, to ensure the 3rd party is compliant.

But the question is, what's "compliant"? I'm sure that only allowing access to authorised users, which is what effectively happened, wouldn't fall foul of GDPR I suspect. Had City failed to remove the access credentials of departing staff then they would certainly be at fault. But you have to understand that this was a deliberate and probably pre-meditated action as aprt of a wider intrusion, not some opportunistic, one-off incident. This was the tip of the iceberg, which is what I've been alluding to all along. I simply don't believe it stopped with the settlement, just carried on but slightly differently.
Click to expand...
If the unlawful access occurred before May 2018 then the GDPR/Dat Protection Act 2018 would not apply, it would be the DPA 1998. If they continued to illegally access personal data after that date then the new legislation would apply. The new law puts greater emphasis and responsibilities on data processors eg Scout7 but also on data controllers to take reasonable steps to ensure that their third party contractors are doing things properly and securely.
In any event the ICO seems to be increasingly looking at bringing criminal prosecutions against those unlawfully accessing data for commercial gain under the Computer Misuse Act rather than data protection legislation, due to the more stringent sentences which can be imposed. The following case is not identical but there are certain similarities regarding log-in credentials etc which make interesting reading
https://ico.org.uk/about-the-ico/ne...in-first-ico-computer-misuse-act-prosecution/
 
A propos of nothing just read an article by Alistair Campbell about his recent european holiday. He said he mostly read the German newspapers and the UK barely figured but that the ' Manchester City money story was big'.
 
Prestwich_Blue said:
My understanding is that Scout7 incorporates a pre-populated database, which the supplier would therefore be the data controller of. But there is the facility to put in your own data, which City would be the controller of, as you rightly say. It's then up to City, as controller, to ensure the 3rd party is compliant.

But the question is, what's "compliant"? I'm sure that only allowing access to authorised users, which is what effectively happened, wouldn't fall foul of GDPR I suspect. Had City failed to remove the access credentials of departing staff then they would certainly be at fault. But you have to understand that this was a deliberate and probably pre-meditated action as aprt of a wider intrusion, not some opportunistic, one-off incident. This was the tip of the iceberg, which is what I've been alluding to all along. I simply don't believe it stopped with the settlement, just carried on but slightly differently.
Click to expand...
Yet the FA dropped their investigation?
 
You must log in or register to reply here.
Unread Posts

Don't have an account? Register now and see fewer ads!

SIGN UP
Back
Top