Growing up in Portugal, where football is “absolutely sport number one,” Jorge Oliveira, CIPM, has had a lifelong passion for the game. As he found his professional passion in privacy — growing his career in data protection at companies ranging from engineering to health care — Oliveira stayed connected to football, catching up on matches at the end of the workday.
Oliveira1-262x300.jpg
FIFA's head of data protection, Jorge Oliveira.

Oliveira has merged those passions as head of data protection at the Fédération Internationale de Football Association, the governing body of association football that, among other things, organizes international tournaments — including the FIFA World Cup and FIFA Women’s World Cup — attended by thousands and watched by millions.

Oliveira joined FIFA in early 2020 when the organization launched its in-house privacy team — a role that had previously been outsourced — to develop the organization’s privacy program and grow a team he says is working to “make the world of football better through a privacy perspective.”

“We have a big power in our hands to touch people,” Oliveira said of FIFA’s global impact. “We really do feel as data protection professionals that we can have an impact on individuals, using the vehicle we have through the impact of football to really make people aware and inform people in terms of best practices and data protection.”

Oliveira’s interest in data protection piqued as a research assistant at the Max Planck Institute in Germany and his first role as DPO was within the legal department of the Switzerland-based Oerlikon Group. He then moved to Swiss electricity provider Albiq and medical device company Hartmann Group in Germany before running his own consulting company for a year.

In his career, Oliveira said he has found there is a perception the DPO is there to “somehow stop or block their business.” So, he said, “I’ve always tried to show it in a different way, the business-enabling side of data protection.”

At FIFA, he initiated an internal data protection team within the organization’s legal and compliance division and a key accomplishment thus far, he said, has been changing the mindset towards data protection, "helping the organization believe in data protection and see us as a support of the organization." 

“This is key in every data protection program, and this is what we’ve tried to accomplish from the beginning,” he said. “To ensure that, and because there is a lot of technological development in this field, it is critical any business unit within the organization knows they can talk to us about any plans they are having that impact data protection.”  

Oliveira’s excitement for the work is palpable as he talks about steps FIFA has taken to raise awareness around data protection and privacy, like launching the FIFA Data Protection Portal, a one-stop shop where ticket buyers, guests, members of the media, fans, match officials and others can go to learn what data FIFA has collected, how it is used, where it comes from, how long it is stored and with whom it is shared.

“What we tried to do here is really for the different data subjects to know exactly what we are doing with their data in a transparent manner,” he said.

Football terminology was incorporated into the portal and FIFA’s Privacy Policy to explain information in an appealing way for fans of the game, Oliveira said, like describing cookies as “not just an end-of-game snack” but “small pieces of information stored on your browser when you use our website.”

In FIFA’s work around the world, with more than 200 member associations, Oliveira said it can be challenging to “find a level playing ground in terms of data protection” among the various cultures and jurisdictions. A set of compliance standards and initiatives were created that are easy to understand for each stakeholder, he said, in a way that attempts to “take away a little of the legalese behind data protection policies and show people privacy as it is.”

In his work, Oliveira said he is driven by privacy’s human impact, something he added is key as the profession grows, getting more challenging and competitive.

“(Privacy professionals) must be capable of making a change within an organization. If they are there to block business and write legal assessments then the time is done,” he said. “At the end of the day, the human impact behind every data protection program or organization is more and more important. To structure privacy activities to say what a program looks like, that’s the basics and that’s what many standards already give us, so it really is about human decisions.”

As a privacy professional who has found a match for both his personal and career passions, what piece of advice would Oliveira give to those looking to do the same? It comes back to that human impact.

“Always let yourself be driven by your human values and not by how much you are earning or by the name of the organization,” he said. “For me, the human factor was always key in every move in my career.”

IAPP CEO and President J. Trevor Hughes, CIPP, will host Oliveira during the IAPP’s “Profiles in Privacy” series Jan. 13 on LinkedIn Live.

Photo by Jannik Skorna on Unsplash