Complex Data, Creating Complex Risks for Sports Entities

Ashley J. Beth
Associate Editor
Loyola University Chicago School of Law, JD 2022

Advanced data driven infrastructure is now essential for sports entities to remain competitive, yet few structures are in place to manage the risks inherent in the collection of this sometimes, highly personal information. Data is utilized for virtually every aspect involved in the game, including; to enhance player performance, improve player health, deepen fan engagement, and increase betting predictions. These developments do not come about without risks to the rights of those who the data is extracted from.

The use of wearable technology in particular poses concerns about what data can be collected and who owns the rights to that data. These devices are incorporated into the fabric of sports apparel, built into sports equipment, and worn by athletes. The devices then link by Bluetooth and GPS technology, relaying real-time data. The data that is derived from wearable technology is referred to as “biometric data”. The data is comprised of unique biological and behavioral characteristics that identify a specific individual. The data is becoming increasingly personal as the technology evolves. The potential overreach is where the risks lie.

Regulating risks

There are several risks inherent in the growing demand for this complex data. The demand comes largely from third parties also looking to capitalize on the technology. Since the Supreme Court decision in Murphy v. National Collegiate Athletic Association opened the doors for legal sports betting, the demand for accurate data increased. Broadcasting and related media services are seeking out unique data points to distinguish their own brands. Sponsors can look to data driven prediction models to make determinations about who to sign endorsement deals with.  Additionally, professional teams may want to utilize data for contract negotiations and drafting college athletes.

There now exists a motive to hack into databases for those who are looking for an edge in gambling. If athletes do not consent to the use of their data, personal rights can be violated by their private information being released. Publicity rights can be violated by the unauthorized use of an athlete’s biometric data for commercial gain of their name, image or likeness. Moreover, bargaining power can be affected by this data in determining whether to cut players and extend or sign new contracts. College athletes could also be assessed based on their biometric data to determine whether or not they are drafted. Further, sponsors might use complex data in making decisions on who to work with.

No federal law exists that specifically covers biometric data. Private health information is usually protected by the federal Health Insurance Portability and Accountability Act (“HIPAA”), however the Act is structured to allow employees to waive their rights afforded by the Act. Under the players agreements with their professional sports teams, they can agree to waive federal coverage of their medical privacy. Due to the necessity to share health data within the leagues and sometimes to the public, all players agree to waive their rights. Further, HIPPA does not seem to extend to cover college athletes either. The Act is narrow as to the entities it covers, and college athletes do not fit into any of the categories. Therefore, they cannot utilize the Act to secure their data.

A few states have enacted laws to protect the use of data, however with technology evolving rapidly the scope of each law renders it useless for this advanced, biometric data. Therefore, no law currently safeguards athletes’ rights.

Professional leagues and the collegiate handling of athlete data

Professional athletes are unionized employees who bargain for their own rights through their Union. Each professional league has a collective bargaining agreement (“CBA”) that governs the relationship between the players and the league. CBA’s usually have terms for greater than five years, thus they are less adept to responding to rapid changes in technology.

The NFL CBA requires players to wear certain technologies to track performance. While the data use is limitted, the NFL is permitted to share the data it collects with third parties after it notifies the NFLPA of the use. One use that is expressly forbidden is the use of data in contract negotiations, which is also found in the NBA CBA. The express prohibition of data use in contract negotiations is arguably the most important right safeguarding players. The MLB CBA appears to bar third-party use without the consent of individual players. Players may request their team restrict or expand the list of parties who can access their data. In the summer of 2020, the NHL announced it ratified a four-year extension to its previous CBA. Language relating to biometric data was omitted.

College athletes do not have any institutional protections in place for the use of their data. The law permits colleges to require athletes to sign waivers, releasing the college from federal or state law scrutiny. Essentially, college athletes have no bargaining power when they agree to play on their college team. Despite written boundaries, use of wearable technology is prevalent in college athletics. For instance, the University of Alabama football team utilized smart watch technology to track their players sleep habits and then send the data to a third party to recommend sleep plans. Without boundaries, it appears colleges can track their athletes in any way there is a technology available to do so.

Reforming data collection

All parties, leagues, teams, players, and technology companies have a vested interest in protecting data rights. These sports entities must decide what information should be collected and what parts, if any, should be made commercially available. If this data is inaccurate, over intrusive, or not secured properly then players could face serious consequences to their livelihood. The two reasonable options to address the risks posed by evolving technology are (1) precise agreements in new CBA’s and encouraging the NCAA to adopt similar agreements, or (2) a federal law that can be amended to keep up with technology as it advances. While a homogenous federal law would ensure level protection across every league, the first option is more appealing as it allows for more individual concerns for each sport to be addressed