Keeping an Eye on the Ball: Government Agencies Increasingly Focused on 2026 FIFA World Cup Legal Issues | Wilson Sonsini Goodrich & Rosati

On September 22, 2023, the U.S. Department of Justice (DOJ) announced that it was partnering with Mexico’s Federal Economic Competition Commission and Canada’s Competition Bureau on a new joint initiative to “deter, detect and prosecute” anti-competitive conduct in connection with the 2026 Fédération Internationale de Football Association (FIFA) World Cup.[1] This Client Advisory provides practical guidance for companies that plan to do business in connection with this global event.

Background

The 2026 FIFA World Cup will be jointly hosted by 16 cities in the United States, Mexico, and Canada, including 11 U.S. cities, three Mexican cities, and two Canadian cities. This World Cup will be the largest in its history, with a record 48 countries participating from June 11, 2026, to July 19, 2026, when the final match will be played at MetLife Stadium outside of New York City.

This World Cup presents an enormous economic opportunity for businesses across all industries to capitalize on “The Beautiful Game.” Across North America, businesses should expect an uptick in demand for corporate sponsorships, infrastructure projects, travel and tourism services, advertising and marketing services, entertainment technology, and more leading up to the tournament.

Businesses eager to score off the pitch should be mindful of complying with regulations from all three countries. Government regulators and watchdogs, including the DOJ, have already stated their intent to closely scrutinize economic activity related to the World Cup. Assistant Attorney General for the Antitrust Division Jonathan Kanter said that “[t]he Antitrust Division will be vigilant in detecting anticompetitive conduct by any businesses and individuals that exploit the economic opportunities created by the games.”[2] By collaborating, the agencies hope to deter and detect unlawful agreements related to the provision of goods and services for the World Cup.

Businesses should review our World Cup do’s and don’ts to ensure that they do not earn red cards and to see examples of conduct global regulators have previously examined during international sporting events. Below is a list of do’s and don’ts for four types of business related to the World Cup event: 1) construction, infrastructure, and security, 2) ticket sales and gifts, 3) advertising and marketing, and 4) hospitality, travel and related expenses, and technologies. For each category we have provided do’s and don’ts for relevant areas of the law, including competition, the Foreign Corrupt Practices Act (FCPA), privacy, security, and employment.

Stadium Construction, Infrastructure, and Security

  • Competition
    • DO: Engage in competitive bidding processes and abide by relevant procurement and competition laws.
    • DO NOT: Enter into pricing, bidding, or information sharing agreements with competitors that manipulate bidding for potential contracting opportunities.[3]
    • DO: Be transparent with stakeholders about teaming and joint bidding arrangements and consult with counsel before entering into such arrangements.
    • FCPA
      • DO: Work with counsel to set up strict accounting controls and implement fraud and corruption detection procedures.[4]
      • DO NOT: Make payments or give gifts to parties or officials as part of the bidding process. Promptly report any such solicitations by parties or officials to counsel.[5]  
    • Privacy and Data Protection
      • DO: Work with counsel to ensure that biometric information (e.g. facial geometry, iris scans, voiceprints, and fingerprints) is collected in and around stadiums in accordance with federal, state, and local privacy obligations.[6] Develop a robust biometric compliance program that takes into account the unique legal and compliance concerns associated with the collection, processing, and protection of this type of sensitive consumer data.
      • DO: Work with counsel to create and/or test incident response protocols and review and/or update cybersecurity risk management, strategy, and governance programs.[7] Engage in tabletop exercises to prepare for various scenarios, including ransomware attacks, insider threats, and Industrial Control System compromise.[8] Preparedness should also consider protocols for reporting security incidents to government authorities in accordance with local laws.[9]
    • Other
      • DO: Consult legal counsel before entering into any exclusivity arrangements in contracts with entertainment partners and local small businesses.[10]
      • DO: Abide by welfare standards adopted by host city committees, which may require the implementation of protections for worker health, well-being, safety, and security on construction sites.

Ticket Sales and Gifts

  • Advertising
    • DO: Allow users to re-sell purchased tickets to matches, implementing technical protocols to detect and remove cases of duplicated or falsified tickets.[11]
    • DO: Disclose the full price of tickets, including any additional mandatory fees, when advertising prices. Starting in 2024, some jurisdictions will require that advertised ticket prices must include the sum of the ticket price and any applicable service charge.[12]
    • FCPA
      • DO: Encourage transparency about what forms of hospitality (like provided travel, meals, and accommodations) are available to officials, their families, or involved parties.
      • DO: Set up and enforce accounting controls to track who has access to and who may receive items above nominal value. Popular gift items like game day tickets, viewing parties, and corporate gathering invitations should monitor and track recipients.[13]
    • Competition
      • DO: Consult legal counsel before deciding whether to tie or bundle match tickets with superfluous services or items. While multi-day ticket packages or “day passes” are permissible, requiring fans to purchase unrelated memberships or subscription services is not.[14] 

Advertising and Marketing

  • Privacy and Data Security
    • DO: Create and/or update privacy statements provided to event goers regarding the company’s collection and use of their data. Assess whether any federal, state, and/or local privacy law obligations may apply to your collection of personal information from event participants and work with counsel to develop a privacy compliance program.
    • Marketing
      • DO: Ensure that endorsement marketing campaigns comply with relevant legal requirements and guidance, such as the Federal Trade Commission’s (FTC’s) recentlyupdated endorsement guides. Implement policies, contracts, and procedures when engaging celebrity endorsers (e.g., soccer stars, sports commentators) who may promote and endorse your products, monitor compliance with those policies, and take actions sufficient to remedy noncompliance.[15]
      • DO: If QR codes are part of your business’s marketing strategy, use best practices, such as disclosing the link destination within the advertisement and ensuring that the QR-company mediating the connection has data collection practices in line with your privacy policy (e.g., taking reasonable measures to ensure the link doesn’t lead to malware).[16]
    • Competition
      • DO NOT: Collude with other competing companies and executives to pre-determine the winners or otherwise manipulate the bidding processes related to marketing and advertising opportunities.[17]

Hospitality, Travel and Related Expenses, and Technologies

  • Competition
    • DO NOT: Share pricing information or reach any agreements regarding pricing, including fare or rate plans, with competitors in the airlines, hotel, transportation, or other industry.[18]
    • Privacy
      • DO: If offering an app that provides visitors with access to travel information and accommodations, only collect the information you need to provide the service (data minimization) and only use the data for the purpose for which it was collected (purpose limitation). Consider deleting data that is no longer needed after an event.
    • FCPA
      • DO: Scrutinize all travel-related expenses for foreign officials related to business activities to ensure no corrupt intent is present. Review expenses for a legitimate business purpose and reasonable costs and pay vendors directly wherever possible. All expenses for personnel should be related to “the promotion, demonstration, or explanation of” products or services and not include any additional compensation.[19]

Conclusion

Competition authorities are always alert to popular events such as the World Cup triggering illegal conduct. This latest initiative by the DOJ and its counterparts in Mexico and Canada serves as a reminder for companies to be mindful of the law and alerts potential victims of illegal conduct. Companies doing business related to the 2026 FIFA World Cup should ensure that they know and understand the applicable law in the U.S. and elsewhere, so they don’t commit a foul.


[1] Press Release, U.S. Dep’t of Just., “United States, Mexico, and Canada Launch Joint Initiative to Detect Collusive Schemes Seeking to Exploit the 2026 FIFA World Cup” (Sept. 22, 2023), https://www.justice.gov/opa/pr/united-states-mexico-and-canada-launch-joint-initiative-detect-collusive-schemes-seeking.

[2] Id.

[3] For example, in 2016, Brazilian antitrust authorities (CADE) accused several Brazilian construction and engineering companies of forming a bid-rigging cartel to manipulate contracts to build or renovate stadiums used in the 2014 World Cup.

[4] The FCPA sets forth guidelines for avoiding corruption and bribery charges.

[5] In 1998, officials of the International Olympic Committee were accused of receiving gifts (effectively, bribes) in the bid-selection process for the 2002 Winter Olympics. See OLYMPICS; Leaders of Salt Lake Olympic Bid Are Indicted in Bribery Scandal; see also The Long Hard Fall from Mount Olympus: The 2002 Salt Lake City Olympic Games Bribery Scandal.

[6] Certain jurisdictions such as Illinois, Texas, and Washington state, have enacted laws that specifically govern how businesses collect and process biometric information. Other jurisdictions may also regulate biometric data collection through their general or sector-specific privacy laws, data breach notification laws, and laws governing government use of facial recognition technologies. Of note, Illinois’s biometric privacy law allows for consumers to enforce the law through a private cause of action, making collection of data covered by this statute a higher-risk proposition.

[7] Cyberattacks are increasingly common for major sporting events. For example, technical issues during the Pyeongchang opening ceremony were attributed to a cyberattack. See Cyberattack Caused Olympic Opening Ceremony Disruption.

[8] Organizers of major sporting events benefit from proactive preparedness. See CISA, NFL, and Local Partners Conduct Cybersecurity Exercise in Preparation for Super Bowl LVIII. Wilson Sonsini’s cybersecurity team routinely helps companies conduct tabletop exercises in accordance with industry best practices.

[9] Additionally, failure to implement reasonable controls to protect consumer data could lead to legal liability. The reasonableness of controls will vary with each situation, so it is recommended to discuss the reasonableness of your physical, technical, and administrative safeguards with counsel.  

[10] Prior to the 2022 World Cup in Qatar, Brazilian competition authorities (CADE) imposed fines on multinational beer producers who required local bars, restaurants, and public viewing festivals to sign exclusivity agreements for beverages. See Notice from Ambev and CADE about a settlement (July 14, 2015).

[11] In 2022, over a thousand fans were turned away from a Bad Bunny concert in Mexico after multiple copies of the same ticket had been issued by Ticketmaster Mexico. Ticketmaster Mexico avoided fines by Mexico’s Federal Consumer Attorney’s office but had to refund consumers for the full cost of the ticket plus additional compensation of 20 percent of the purchase price. See Ticketmaster Mexico avoids fines over Bad Bunny concert tickets screwup.

[12] State and federal government officials are increasingly focused on “junk fees” in consumer goods and services. California recently passed a law, which will be effective July 2024, that makes it unlawful to advertise, display, or offer a price for a good or service that does not include all mandatory fees or charges, other than government-required charges or shipping charges. As such, companies should take care to update their user interface to include all fees when advertising ticket prices. See Attorney General Bonta’s Sponsored Bill to Ban Hidden Fees in California Signed into Law.

[13] While the details vary by industry and practice, the SEC regularly investigates travel, tickets, and accommodations offered to foreign officials. For instance, the SEC charged Weatherford International for authorizing bribes and improper travel and entertainment for foreign officials to win business. These charges covered the company’s activity related to the 2006 FIFA World Cup but expanded to include other business dealings. In most cases, the common denominator is gifting goods and services above a nominal value to foreign officials without a legitimate business purpose.

[14] In 2017, the German Bundeskartellamt (FCO) investigated whether the German Football Association (DFB) abused its monopoly power by requiring fans who sought to purchase tickets to 2018 World Cup matches in Russia to also purchase a DFB annual “fan club” membership. See DFB Eases Conditions for Purchase of Tickets for World Cup 2018.

[15] In 2021, an Indian self-regulatory ad industry entity issued an alert saying that brands were using the images of Olympic athletes in their marketing without the athletes’ permission. See ASCI slams brands using Olympics winners in ads without approval. Endorsers may also be held liable for misleading consumers in limited circumstances. See Brady, Curry, Shaq Among Athletes Facing Lawsuit in FTX Debacle.

[16] During the 2022 Super Bowl, Coinbase advertised a QR code without additional context.  As such, privacy and cybersecurity professionals were concerned about where the link would go, as it could have led users to a site with malware. See Coinbase’s Mystery QR Code Super Bowl Ad Is a Security Nightmare.

[17]  In February 2023, the Japan Fair Trade Commission (JFTC) filed a criminal accusation against six companies, including advertising giant Dentsu, and several executives for allegedly rigging bids for outsourcing contracts of planning test events related to the 2020 Tokyo Olympic Games. The JFTC’s criminal accusation on bid-rigging concerning outsourcing contracts of planning test events, etc. regarding the Olympic and Paralympic Games Tokyo 2020 ordered by the Tokyo Organizing Committee of the Olympic and Paralympic Games (findings of the investigation).

[18] In the months prior to the 2010 World Cup in South Africa, the South African Competition Commission raided several airlines’ offices to investigate a price-fixing cartel amongst carriers to increase fares for international and domestic travel during the World Cup. In the matter between The Competition Commission and South African Airways (Pty) Ltd, Case No. 18/CR/Mar01.

[19] The DOJ has established advisory opinions to explain when and how a business can pay for a foreign official’s necessary travel related to legitimate business purposes. See DOJ’s FCPA Opinion Release No. 23-1 (August 14, 2023); see also FCPA Opinion Release 11-01. In 2016, Novartis agreed to pay $25 million to settle FCPA charges brought by the SEC alleging that Novartis’s Chinese subsidiaries used local travel agencies to arrange entertainment and recreational travel for healthcare providers. In exchange, the healthcare providers allegedly agreed to prescribe Novartis drug products. See https://www.sec.gov/files/litigation/admin/2016/34-77431-s.pdf.

What do you think?

Written by Moneyofficeteam

Anywhere Names Tech and Financial Services Innovator Rudy Wolfs Chief Technology Officer

Patrick Mahomes sets record for career Super Bowl fumble recoveries