As a lifelong soccer player currently stricken with World Cup fever, I feel the need to focus this week’s article on an app that everyone attending the games will download: FIFA World Cup 2026. If you’re going, you’ve already paid $500 or more for your ticket. What you probably didn’t know is that FIFA collects a second payment: your data. Using my new, free tool, Daylight, I’m going to show you what you clicked “I agree” to, and 6 things you can do in a few minutes to protect yourself.
Before we dig in, ask yourself these questions:
- What data does the app take from me, and what’s it worth?
- What companies have their hands on my data?
- How can my data be used during and after the game?
Data Taken
What exactly can FIFA and the other companies behind the event take from you? As shown in Daylight’s first section, the three most important things are:
- Precise location. Not just your city, but your exact spot. At a stadium or fan zone, that means how long you spent at the gates, concession stands, sponsor booths, and even the bathroom. Outside the stadium, it can be used to figure out where you are staying, how you get to the stadium, and places of interest before or after the game.
- Persistent identification. Your advertising ID and device ID are the codes that can tie this app to the same “you” everywhere else online. Your government ID can tie these profiles to your offline life. This is the thread that turns scattered data into a single, comprehensive profile.
- Demographic data. Age range, income range, gender, country, and “inferences” assumed about you. Advertisers pay a premium for this when attached to an ID, because it tells them not just what you did, but who you are.
FIFA and its partners don’t just want your ticket money. They want a permanent, sellable profile of who you are to use for their own purposes. So, what’s it worth to them? About $600 a year, and you’ll never see a cent of it.
Companies Hiding in the App
Based on my own analysis and several trusted open-sources, I count more than 20 different companies that are quietly embedded into the FIFA World Cup app.[1] If you want to see the complete list of companies I found hiding in the app, go to the ‘Trackers in the app’ section.
The big ones you probably expected are in there, such as Amazon, Google, Meta, and TikTok. There are also numerous companies from all over the world I’d never heard of before, such as:
- Tapad – An identity-tracking company that monitors where you go, online and offline. It’s owned by Experian, one of the three big credit bureaus behind your FICO score and the financial data lenders use to judge you.
- Persona.ly – An advertising and identity-tracking company specializing in “user acquisition” (getting apps installed through targeted ads). By its own description, it’s headquartered in Israel with offices in Korea, Japan, Russia, and China, countries far outside the reach of US privacy law.
According to the FIFA World Cup app’s privacy policy, the companies operating the app have a lot of leeway with what they can do with your data and who they can share it with.[2] I highlight the most important ones for you in the ‘Terms Red Flags’ section. For example, FIFA and the app can take your data from third-parties (like Meta, Google, etc.), combine it, and share with even more third-parties. When I clicked the link to see which companies FIFA partners with, it brought me to this page:

Where Your Data Goes After the Game
The final whistle does not stop FIFA and its partners from using your data. As I highlight in Daylight’s ‘Terms Red Flags’ section, here are three things the app’s privacy policy allows:
- The organizers can keep your data as long as they want. The policy says data is retained “as long as needed or permitted,” on their criteria, not yours. Deleting the app does not cut them off; the data they already collected stays put until you file a formal deletion request.
- They sell it. The policy states, in its own words, that they sell personal information as defined under California law. Your profile is shared with Endeavor, FIFA, Soccer United Marketing, and Major League Soccer, each of which then uses it under their own rules and can share it with whoever they want.
- It travels. Your data is stored and processed across the US, UK, and Europe, handled by staff outside your country, and can be disclosed to government authorities on request in any of the countries it touches.
What to Do Next
Below are 6 things you can do to protect yourself in less than five minutes. Delete your Advertising ID.
- Disable location sharing.
- Turn off app personalization.
- Turn off Wi-Fi and Bluetooth scanning.
- After the game, delete your FIFA ID and data.
- Submit a formal data deletion request.[3]
The Daylight tool provides step-by-step instructions for both iOS and Android, and additional things you can do to protect what you own. Create an account and start managing your data with intention.
Your data fuels a trillion-dollar industry most companies would prefer you keep forfeiting your valuable data without resistance so they can monetize it for themselves. You need someone in your corner and My Data Union is the representation you deserve.
[1] Exodus Privacy, TrackerControl, internal analysis.
[2] https://fifaworldcup26.hospitality.fifa.com/privacy-policy
[3] https://privacyportal.onetrust.com/webform/889c435d-64b4-46d8-ad05-06332fe1d097/a0a81df5-8fad-4437-bfa9-9ff04a20bb55


It’s scary
They’re making $600 a year on this?!?