Biometric Data Collection in Professional Sports Reveals Holes in Privacy Law

Jennifer Park

The 2003 publication and subsequent 2011 film adaptation of Michael Lewis’ “Moneyball: The Art of Winning an Unfair Game” generated widespread interest in and appreciation for the use of data and analytics in the world of professional sports.[1] Accordingly, within the past decade, the use of wearable biometric monitoring devices has grown significantly. These devices, such as the WHOOP device, which was approved by Major League Baseball (MLB) in 2017, can collect data relating to a player’s sleep, recovery, strain, heart rate, and more.[2]

MLB, the National Football League, the National Basketball Association, and the National Hockey League all reached agreements with their players regarding the wearing of this technology.[3] Since then, players have voiced concerns about the ways in which the sports leagues may handle their biometric data, especially given the high commercial value of this data.[4] The MLB Players Association negotiated with MLB in 2022 to include a provision in a collective bargaining agreement that would make it illegal for MLB or any individual baseball club to “sell and/or license a player’s confidential medical information, personal biometric data, or any nonpublic data used to evaluate player performance in practices or training sessions.”[5]

The inherently intimate and sensitive nature of currently obtainable biometric data will only be exacerbated as wearable technologies gain the ability to gather more varied types of information from players. Furthermore, the possibility of such data being used in sports betting raises incentives for hackers to gain access to this information.[6] Due to the financial and dignitary harms that could result from data leaks and other invasions of athletes’ privacy and security, the use of this data should be protected by laws that would provide avenues for athletes to pursue private causes of action.

Because of the lack of a generalized federal privacy law or a federal law that regulates the use of biometric data, however, there are holes in the legal avenues that can be pursued. For instance, the Health Insurance Portability and Accountability Act, which provides national standards for protection of certain health information, likely would not prove to be a viable cause of action because professional sports teams would not be considered a “covered entity” under the definition of the statute.[7] While some state omnibus privacy statutes like the California Consumer Privacy Act include biometric data as a type of data that is protected, the lack of a federal privacy statute only highlights the gaps.[8]

Additionally, while multiple states passed statutes that have the specific purpose of regulating the collection and use of biometric information following the passage of Illinois’ Biometric Information Privacy Act in 2008, a National Biometric Information Privacy Act has not progressed further after being introduced to the Senate in 2000.[9] Even among the available state statutes that regulate biometric information, the definitions of “biometric data” are inconsistent; while the Illinois statute would not encompass data from wearable devices because it focuses on data such as retinal scans and voiceprints, a newer Washington statute, passed in 2023, would cover data from wearable devices.[10]

These inconsistencies between available state statutes and the lack of privacy legislation in other states glaringly reveal the need for a federal privacy law including provisions that protect biometric data, or a federal biometric information privacy law that would explicitly cover data from wearable device technology. As the technology continues to evolve, athletes will need better ways to protect their sensitive data.


[1] Randy Bean, Moneyball 20 Years Later: A Progress Report on Data and Analytics in Professional Sports, Forbes (Sept. 18, 2022).

[2] Darren Rovell, MLB Approves Device To Measure Biometrics of Players, ESPN (Mar. 6, 2017).

[3] David Sussman & Amy Egerton-Wiley, Is Betting on an Athlete’s Heart Rate During a Game Coming to Broadcasting? (Guest Column), Hollywood Rep. (July 18, 2022).

[4] Thomas Alomes, Leagues Are Cashing In, But How Can Athletes Get More Value from Their Data?, SportsPro (May 4, 2022).

[5] Mark Saxon, Breaking: MLB Players Coax Three Gambling-Related Concessions From Owners, US Bets (Mar. 15, 2022).

[6] Joe Lemire, Bull Market on Data, Sports Bus. J. (Aug. 1, 2022).

[7] 45 C.F.R. § 160 (2000).

[8] CA Civ Code § 1798.192 (2022).

[9] Tracking U.S. State Biometric Privacy Legislation, Husch Blackwell (June 20, 2023); S. 4400, 116th Cong. (2020).

[10] Id.