Colorado Technology Law Journal > Volume 23 > Issue 2 > Who Owns the Digital Athlete?

Who Owns the Digital Athlete?

By /

With modern advancements in wearable technologies and analytics, player motion data has transformed how the National Football League (“NFL”) approaches player health, scouting, and evaluation. Although the use cases for biometric data have increased, the federal laws that govern player privacy and data ownership have lagged. Professional athletes’ biometric data, especially relating to performance-related information, is not directly addressed by any current federal employment or health information laws. Instead, safeguarding professional athletes’ privacy has been left primarily to player unions and collective bargaining agreements (“CBAs”). The unfettered collection of and access to player biometric databases presents alarming threats to athlete privacy and autonomy. This paper examines current international, federal, state, and league-specific privacy regulations to identify the important considerations the NFL must make to expand the use of player motion data. This paper focuses on the role of CBAs, borrowing concepts from other regulatory bodies, arguing that players must have an opportunity to exercise ownership rights over their motion data, data use must depend on player consent, and data collection is limited and transparent. While the federal legal landscape continues to develop, professional sports leagues, like the NFL, have the opportunity to lay the foundation for a framework that protects player privacy, promotes transparency, and respects professional athletes’ autonomy and commercialization rights.

Contents hide
1 Introduction
2 Background on AI and Analytics in the NFL
2.1 The NFL’s Complicated and Gradual Implementation of Analytics
2.2 Teams Beginning to Embrace Analytics
3 The NFL’s Technological Advancements: Player Motion Data and Wearable Technology
3.1 Implications on Player Scouting
3.2 Implications for Player Health and Safety
4 Current Legal Framework
4.1 Player Collective Bargaining Agreements and Existing League Regulations
4.2 United States’ Applicable Laws
4.3 Other Existing International Frameworks
5 Legal Concerns Surrounding Player Motion Data
5.1 Intellectual Property and Data Ownership Concerns: Whose Data?
5.2 Contract Negotiations Concerns
5.3 Data Protection and Privacy Concerns
6 Conclusion

Introduction

Throughout the National Football League’s (“NFL’s”) history, the analytics movement has transitioned from a niche following to a widespread standard practice. Unlike other sports like baseball and basketball, football has a “complicated history” with advanced metrics and Artificial Intelligence (“AI”).[1] While quantitative analysis has been a form of tactical advantage in the NFL for decades, most NFL coaches and front offices were hesitant to fully embrace analytics beyond simple scouting reports and contract valuation.[2] Compared to the National Basketball Association (“NBA”) and the Major League Baseball (“MLB”), which have average career lengths of 4.8 years and 5.6 years, respectively, the NFL’s average career length is only 3.5 years.[3] Careers in the NFL are much shorter, leaving less room for error and creativity. Furthermore, unlike in the NBA or MLB, where general managers can compare true shooting percentages and on-base percentages of two players regardless of position, NFL teams have not been able to make analytical comparisons of players across various positions for much of its history.[4] As a result, the NFL historically has been the vanguard of sports traditionalism, largely hesitant to embrace an approach backed by those who had never played the game.[5]

In North American sports, the analytics movement started with the MLB in the early 2000s.[6] Unlike most North American sports leagues, the MLB does not impose a hard salary cap on its teams.[7] Therefore, MLB front offices and owners are allowed to spend an unlimited amount of money to fill out their rosters.[8] From a budget perspective, large-market teams with more financial resources can simply out-pay their smaller-market counterparts, often leading to deep-pocketed, large-market teams consolidating top player talent.[9] Handicapped by budgetary constraints, the cash-strapped 2002-2003 Oakland Athletics ( “Oakland A’s”), led by general manager Billy Beane and assistant Paul DePondesta, defied traditional sports wisdom and fully embraced a data analytics approach to player evaluation and scouting: “Moneyball.”[10] Compared to large-market teams like the New York Yankees, who had a payroll of about $92.5 million on opening day in 2000, the Oakland A’s spent only $32 million in salaries.[11] Unable to out-bid the large-market teams, the 2002 Oakland A’s opted to build their roster around a new concept called sabermetrics in an attempt to find an alternative competitive advantage.[12] Sabermetrics refers to the practice of closely studying unconventional baseball statistics such as on-base percentage and average number of pitches per at-bat, as opposed to traditional counting stats like home runs or runs batted in.

Instead of engaging in bidding wars for top players, the Oakland A’s offloaded their most expensive stars and cobbled together a roster of cheap and overlooked players based on advanced stats.[13] Miraculously, the Oakland A’s experienced immense success, which included a record 20-game winning streak in 2002 that brought notoriety to their analytics-based approach.[14] Although this data-driven analytics movement spread throughout different sports and individual franchises at varying speeds and magnitude, the seismic impact of Beane’s game-changing “Moneyball” approach to sports continues to reverberate across leagues, initiating a drastic paradigm shift in how teams assess talent, develop strategies, and execute game plans.[15]

In recent years, with the advent of emerging technologies, professional sports teams have made a more concerted effort to embrace analytics and data-driven processes.[16] As the most lucrative sports league in the U.S., the NFL is no exception. The NFL has implemented emerging technologies and analytics to augment strategic decision-making and strengthen its on-field performance.[17] The increasing integration of analytics in the NFL represents a transformative leap for both consumers and teams by revolutionizing how the league evaluates player performance, addresses player safety, and approaches the fan experience.[18] Beyond numbers and formulas, the NFL in recent years has implemented cutting-edge wearable player-tracking devices and biometric player models.[19] This technology has allowed teams to track precisely how quickly a quarterback can fire the ball into tight windows, how fast a running back can accelerate to top speed as they turn the corner, and how much separation a wide receiver can get at the top of their routes.[20]

Despite these rapid developments, regulations and legal frameworks have lagged, increasing privacy risks and ethical concerns.[21] This paper will (1) examine the current state of AI and analytics in the NFL as it pertains to player motion data and wearable technology, (2) discuss the current regulatory frameworks in place, and (3) analyze the legal gaps and challenges implicated from the NFL’s pervasive use of wearable devices that meticulously capture every nuance of player movement.

Background on AI and Analytics in the NFL

The NFL’s Complicated and Gradual Implementation of Analytics

To understand the NFL’s current analytics landscape, it is important first to examine the path that the analytics movement took to transition from a niche interest to a widespread standard. The beginning of the NFL’s advanced metrics revolution began in the 1980s when Virgil Carter, then a quarterback for the Cincinnati Bengals, and Robert Machol, a systems engineer, published an academic paper called “Operations Research on Football.” [22] This paper focused on measuring the value of a possession and introduced the concept of a team’s expected points scored per drive.[23] Building on Carter and Machol’s paper, Bill James, known as the Godfather of Sabermetrics, wrote “The Hidden Game of Football,” which introduced and popularized concepts such as expected points added (“EPA”).[24] EPA considered factors such as distance to go, field position, down, and time remaining on a “play-by-play basis” to assign a numerical value for each play result.[25] EPA became the foundation for quarterback rating (“QBR”), a commonly relied-on statistic to analyze and evaluate quarterback performance today.[26] Within a few years, teams began using computer simulations, employing these new statistics and concepts to analyze game strategies and player performance.[27]

In the mid-1990s, Joe Banner, an executive for the Philadelphia Eagles, established the league’s first analytics department, with the hopes of weaponizing the advanced statistics responsible for reshaping basketball and baseball on the gridiron.[28] Unlike most of his front-office peers, Banner believed there was an untapped “competitive advantage in analytics.” Banner was determined to help the data-driven approach gain headway among naysayers who feared that data scientists would take decision-making power away from life-long football minds and coaches.[29] Although analytical data was available, front offices primarily used this information for contract valuations.[30]

However, as prominent successful franchises such as the New England Patriots and the Baltimore Ravens began to prioritize analytics, opposing teams looking to copy their success began to follow suit.[31] Another significant factor contributing to the analytics evolution was the influx of young, innovative coaching minds. As long-time tenured coaches were phased out of the league and replaced by a new wave of young offensive-minded coaches and general managers, the NFL began to embrace data and AI. By the early 2010s, the transition towards a more data-driven league was evident.[32] Data analytics was no longer a niche competitive advantage employed by only a few contrarian franchises.[33]

In 2012, the Cleveland Browns hired Joe Banner, the former Philadelphia Eagles Executive and the brain behind the NFL’s first analytics department, as the franchise’s CEO.[34] The team followed this move by hiring Paul DePodesta, Billy Beane’s right-hand man from the 2002 “Moneyball” Oakland A’s, as its chief strategy officer in 2016 to help modernize the franchise.[35]

Teams Beginning to Embrace Analytics

While innovative, data-oriented front offices in the NFL faced more of an uphill climb than their baseball and basketball counterparts, by the mid-2010s, the league had experienced a dramatic paradigm shift.[36] Teams like the Baltimore Ravens and the San Francisco 49ers, known for having two of the league’s more advanced analytics departments, consistently finished at the top of their respective conferences.[37] Other franchises like the Jacksonville Jaguars and the Minnesota Vikings followed suit and launched similar analytics departments.[38] By the late 2010s old-school football intangibles had taken a backseat to innovation as teams began to challenge traditional norms in hopes of finding any competitive advantage.[39] One glaring example of this change is the devaluation of the running back position. With the NFL’s modern rule changes, such as emphasizing the roughing the passer rule to protect quarterbacks and prohibiting downfield jamming to ensure that defensive backs could not manipulate down-the-field route running, the data demonstrates that teams were best suited to build rosters around a prolific passing game instead of the traditional ground-and-pound running game.[40] As a result, the value of quarterbacks and wide receivers skyrocketed while the value of running backs plummeted.[41]

In fact, before the 2023 season, the NFL’s top running backs hosted a private Zoom meeting to discuss the diminishing valuation of the running back position and potential remedies.[42] Among those in attendance were some of the league’s biggest names at the position, including Austin Ekeler, Nick Chubb, Saquon Barkley, and Derrick Henry. Despite being among the most productive and integral offensive players on their respective teams, they earn significantly less than the quarterbacks and receivers.[43] Ekeler, who was undrafted in 2017, may be the most obvious example of the NFL’s devaluation of the running back position.[44] Unlike his peers, who were all drafted in the first round, Ekeler produced historic numbers on a bargain undrafted salary.[45] As a result, Ekeler—who became the seventh player in NFL history since 1970 to lead the league in touchdowns in back-to-back seasons[46]—is the perfect example of how undrafted running backs can match and even outproduce their first-round counterparts.[47] With such highly productive and valuable running backs consistently available at lower costs in the later rounds of the draft and through undrafted free agency, analytics have dissuaded teams from spending high draft picks and cap space on veteran players at the position. In 2017, the franchise tag for the running back position, a one year contract worth the average of the top five salaries at the position, was worth roughly $12.1 million.[48] Today, that figure has diminished to $10.1 million.[49] In comparison, the franchise tag figures have drastically increased for every other position.[50]

Not only have teams been reluctant to pay running backs, but they have also run the ball at historically low rates.[51] The average number of passing attempts has risen with the league’s gradual use of analytics.[52] Compared to the 1970s, where teams called passing plays only 43 percent of the time, teams in the 2010s called passing plays 56.6% of the time.[53] The drastic changes in the NFL’s offensive philosophy are one of the most unmistakable examples of how the NFL’s perception of analytics and AI have flipped.

The NFL’s Technological Advancements: Player Motion Data and Wearable Technology

The NFL’s reliance on advanced technologies and AI is the modern-day replication of the 2002 Oakland A’s “Moneyball” quantitative methods used to evaluate players.[54] Beyond analytics and roster building, the NFL’s most recent evolution in AI comes in the form of player motion data via radio-frequency identification chips and global positioning system (“GPS”) devices.[55] With the player motion data obtained using radio-frequency identification devices (“RFID”) and GPS, the league and its franchises now use the power of AI to revolutionize player scouting and injury prevention.

Implications on Player Scouting

In 2018, the NFL subsequently launched its own “Next-Gen Stats” (“NGS”) service, which aims to provide teams and consumers with the advanced analytics and data using the power of Machine Learning and player motion data.[56] NGS, developed in partnership with Zebra Technologies and Amazon Web Services (“AWS”), accomplishes this by collecting motion data from players using “nickel-sized” RFIDs placed on the ball, the pylons, chains, and in every player’s shoulder pads.[57] The tracking system implemented via NGS captures player data such as location, speed, acceleration, and distance traveled and can chart every nuance of player movement down to the inch.[58] “Teams get the raw, individual, player-level tracking data for every player on and off the field,” said Michael Lopez, director of data and analytics for the NFL.[59] With access to this new, detailed player motion data and leveraging its training data, NGS can take advantage of AWS’ new Machine Learning capabilities to generate outputs that can predict player movements, player efficiency, player routes, assignments based on formations, and potential blitzes based on defensive alignments and shading.[60] One of NGS’ newest features available to teams, Defensive Alert, automatically identifies potential blitzes by the defense before the snap of the ball.[61]

Implications for Player Health and Safety

In addition to the RFID tracking devices, the NFL has recently experimented with wearable GPS devices developed by Catapult[62] and local positioning systems (“LPS”) to gather player motion data.[63] By 2020, more than half of the teams in the league have equipped their players with these wearable devices. Each device weighs 53 grams and is installed in a vest that players wear under their shoulder pads at practice and during games.[64] The lightweight vests track more than 1,250 data points per second and provide real-time metrics, such as the player’s heart rate, distance and training load, acceleration and deceleration speed, and top speed.[65] The cutting-edge technology’s ability to provide high-level positional, inertial, and event metrics in real time enables players and coaches to understand the demands of individual players’ workloads at all times.[66]

Player motion data has completely reinvented the way the NFL visualizes and manages player safety.[67] By combining the NFL’s newly-mined trove of player data with the advancements in Machine Learning, the NFL and AWS have launched a computer simulation model called the “Digital Athlete,” which can be used to replicate infinite scenarios within the game environment.[68] Leveraging advancements in computer vision technologies and the NFL’s RFID data, the Digital Athlete model analyzes factors such as player positioning, play type, equipment choice, playing surface, injury history, and environmental information to enhance player safety through predictive insights.[69] This thorough analysis goes as far as analyzing highly unique details, such as each player’s posture, shoulder tilt, knee height, and foot angles.[70] By examining a player’s body positioning and posture, teams can observe minor imperfections in gait, velocity, or turns that may increase susceptibility to injury.[71]

Using RFIDs, teams and players can also monitor and optimize hydration, sleep and recovery, cardiovascular health, musculoskeletal health, the length of time required before returning to play, and workload intensity at an individual level.[72] Machine learning and AI models allow the NFL to collect and create a workable repository of data that helps facilitate the progression of injury assessment and prevention.[73] With access to individualized player motion data, teams have troves of information at their disposal to curate health profiles for each player on their roster.[74]

Current Legal Framework

As wearable technology and player tracking data advances, the NFL has rapidly discovered new use cases for player motion data and has aggressively pushed the technology onto the field.[75] With devices that can collect an alarming amount of data such as “heart rate, glucose level, breathing, gait, strain, or fatigue,” this data can also reveal sensitive personal information relating to “the athlete’s identity, location, or health status . . . .” [76] Regarding player motion data, the NFL is unique in that it allows teams and front offices to use biodata obtained from wearable technology during contract negotiations.[77] Despite wearing the technology, players have limited access to the collected information, creating questions about who owns player motion data.[78]

When an organization collects, uses, shares, or stores sensitive biodata, it creates privacy and security risks that implicates international, federal, and state data protection and privacy laws.[79] In the case of the NFL and its player motion data, the relevant legal frameworks include player collective bargaining agreements, the California Consumer Privacy Act (“CCPA”), the EU’s General Data Protection Regulation (“GDPR”), and individual state mandates.

Player Collective Bargaining Agreements and Existing League Regulations

Historically, players have not had an interest in their own motion data; instead, their respective teams retained sole ownership of the information and were able to use it as they saw fit.[80] However, if the data is sold to broadcast partners or other third parties, the transaction is subject to approval by league protocols and the Players Association’s collective bargaining agreement (“CBA”), which dictates all of the league’s rules.[81] As a result, the NFL’s CBA and its policies regarding wearable technology and player motion data serve as the league’s most influential legal framework.[82]

In 2011, the NFL CBA included a provision stating that the league could legally require all NFL players to wear specific motion‑tracking sensors and equipment during all games and practices.[83] Additionally, the CBA required the NFL Players Association (“NFLPA”) to consent before the league placed sensors on players’ helmets.[84] In the following years, the NFL and the NFLPA began to adopt additional regulations and provisions, shaping the regulatory landscape for wearable technology and player motion data.[85]

In 2017 the NFL reached an agreement with the wearable tech firm WHOOP, which granted players “access to, ownership of, and the option to commercialize their [own] health data.”[86] This partnership allowed NFL players to sell their health and motion data and gave third parties, like TV networks, the option to negotiate with the players instead of the league.[87] This groundbreaking agreement was the first of its kind and allowed players to finally own their own motion data rather than the teams for whom they played.[88]

While WHOOP’s deal gave players negotiating rights over their data, the NFLPA’s subsequent agreement in 2022 with Sports Data Labs, Inc. (“SD Labs”), which creates commercial opportunities for players, enabled players to transform their data into a monetizable asset “that can be shared and distributed” for a variety of use cases including “fantasy sports, gaming, NFTs, and other fan engagement verticals.”[89]

The NFL’s current CBA, which saw its most recent updates in 2020, provided a new foundation for governing digital sensors and wearable technologies.[90] The agreement stipulates that the NFL can require all athletes to wear sensors during games to track player movement; the NFL can then use this data commercially as long as the NFLPA has advanced notice.[91] As a part of the NFL’s partnership with Zebra Technologies, NFL players must wear “non-invasive” RFID chips in their shoulder pads.[92] This “non-invasive” classification weakens the NFLPA’s privacy interest in the data, granting the league leeway in commercializing the information.[93]

However, the CBA, which must comply with all federal and state laws, also recognizes that players deserve a right to their data.[94] Notably, the CBA defines all digital biometric data collected from an athlete as “health data” and states that each player has ownership rights over their own personal data.[95] As a result, if the NFL intends to use player information collected from on-field sensors for medical purposes, the NFLPA must first consent.[96] Furthermore, the updated CBA also adds that although team staff may have access to player biometric data, the data would be prohibited from being referenced or used in contract negotiations with players.[97] This new provision helps address many player concerns regarding motion data and serves as a helpful incentive for players to embrace the new technology in their training.[98]

Today, the NFL and NFLPA have taken great strides in finding a balance between the league’s financial interests and its players. Following the 2020 CBA and the deals with WHOOP and SD Labs, the NFLPA seems optimistic about the current legal framework and its ability to protect player privacy while also allowing the players to benefit financially from the lucrative commercialization of the data.[99]

United States’ Applicable Laws

In addition to the league’s regulations and the NFLPA’s collective bargaining agreement, the NFL must also consider the U.S.’s consumer privacy laws and individual state legislation. In the United States, because of the development of new technologies and business models, consumer privacy has increasingly become a priority for policymakers, with the Federal Trade Commission (“FTC”) even urging legislators to enforce stricter transparency and accountability requirements for businesses.[100]

In the United States, the Health Insurance Portability and Accountability Act (“HIPAA”) privacy rule establishes the minimum national standards to protect sensitive protected health information.[101] This privacy rule “addresses the use and disclosure” of patient health information, ensuring that “covered entities” take the necessary precautions to adequately protect patient privacy while promoting the flow of information to ensure high-quality care.[102] Therefore, most initial privacy concerns regarding player motion data and wearable technology centered around league compliance with HIPAA.[103] Since its inception, there appears to be a consensus that HIPAA does not apply to player motion data or wearable technology because HIPAA does not cover wearable technology companies.[104] Furthermore, the league had bypassed HIPAA by requiring players to consent to sharing their information.[105]

Additionally, not all state statutes consistently mention or include biometric data in their respective privacy frameworks, leaving early cases of wearable technology in legally uncharted territory.[106] For example, older privacy acts like the Illinois Biometric Information Act (“BIPA”), which was the first law to address biometric regulation in the United States, defines biometric information as any information “based on a biometric identifier used to identify an individual” such as retina or iris scans, fingerprints, voice prints or scans of hand or face geometry.[107] As a result, the advanced player motion data involved with wearable technology does not fit within BIPA’s narrow classification of biometric identifiers, and the NFL was not forced to comply with these outdated legal frameworks.[108]

However, post-BIPA privacy laws have begun to broadly define biometric data to encompass wearable technology and player motion data.[109] The most prominent example of such broad privacy legislation is the California Consumer Privacy Act (“CCPA”), which applies to all for-profit businesses that do business in California and meet either a revenue threshold or consumer data collection minimum. The CCPA also expands the definition of personal information to broadly include personal information that can be used to establish individual identity, including sleep patterns, health data, and exercise data.[110]

As the United States’ leading privacy legislation the CCPA is highly influential in regulating the NFL’s handling and sale of player motion data.[111] Although only three of the NFL’s thirty-two teams reside in California, the CCPA has resounding ripple effects across the entire league due to the global digitization and sharing of data.[112] Implemented in January 2020, the CCPA prioritizes data minimization and consumer transparency.[113] Most notably, the CCPA grants consumers the right to know about personal information collected about them; the right to delete personal information collected; the right to opt out of sharing personal information; and the right to limit the disclosure of sensitive information.[114] As the most comprehensive data privacy law in the United States, the CCPA is the model framework for modern consumer privacy regulation.[115]

Professional sports leagues, like the NFL, that collect and share sensitive athlete information, must abide by the CCPA, regardless of whether the organization itself is entirely based in California.[116] The CCPA also covers employee data. Specifically, the CCPA gives employees the right to access their personal data, know when employers are monitoring them, and request that their data be deleted.[117] Furthermore, because NFL players are considered employees, they are also covered under the CCPA.[118] Under the act, the NFL must provide consumers and athletes with information about their data collection practices, grant players the right to delete their data, and allow them to object to its sale.[119] Furthermore, since the CCPA defines the scope of personal information broadly, these protections can be interpreted to cover personal biometric data and wearable technologies.[120] Essentially, the CCPA obligates the NFL to prioritize disclosure and transparency regarding data collection and usage, imposing protective barriers on the players’ behalf.[121] Considering that the CCPA also prohibits athletes from waiving their rights, the act directly impacts the measures that the league must take to monetize and commercialize player motion data.[122] In conjunction with the NFL’s new CBA, the United States’ state privacy legislation establishes stringent security protocols to help ensure the league prioritizes player privacy.[123]

Other Existing International Frameworks

As professional sports leagues begin to unlock the untapped potential of biometric data, an increasing number of regulatory risks have arisen. In effort to regulate these concerns, several laws have begun to emerge worldwide.[124] The most notable of these international laws is the General Data Protection Regulation (“GDPR”).[125] Although the GDPR is not the primary regulation overseeing the NFL’s use of player motion data, it does play a significant role in regulating other international sports leagues, which could eventually influence how the NFL is regulated.[126]

Additionally, many U.S. based companies are subject to international jurisdiction and regulation, like the GDPR. Consequently, U.S. companies must comply with the GDPR to conduct business, provide goods or services to European Union (“EU”) or European Economic Area (“EEA”) citizens, and collect personal information about them.[127] Numerous U.S. companies have been heavily fined, with some receiving fines up to $403 million, for noncompliance with the GDPR, despite being physically headquartered outside of its jurisdiction.[128] The GDPR represents the top standard for privacy and security law globally, and many U.S. states have begun to individually implement aspects of its policies, such as the CCPA, the Virginia Consumer Data Protection Act, and the California Online Privacy Protection Act.[129]

In the EU, wearable technologies that collect and process an athlete’s data must comply with the provisions of the GDPR.[130] For European sports leagues using wearable technologies, the GDPR applies whenever “a team collects, monitors, analyzes, [or] ‘processes’ a player’s data” through a wearable device during a game or training session in the EU.[131] The GDPR established rules for processing and sharing personal data that generally rely on six fundamental data protection principles.[132] Among these six principles, the three most relevant to the NFL are the accuracy principle, the data minimization principle, and the transparency principle.[133]

(1) The Accuracy Principle: Personal data must be accurate and up-to-date, and data used by an AI-system must be “of sufficient quality to prevent any bias.”[134] However, because player performance and injury risk predictions are trained using previous biometric data records, applying the GDPR to the NFL would require AI predictions to control for inaccurate decision-making.[135] Thus, in order to be accurate and up-to-date, these predictions must account for specific factors and conditions relevant to player performance, such as field conditions, age, “a specific coach,” or “a particular work environment.”[136]

(2) The Data Minimization Principle: Although AI systems require large amounts of personal data, the GDPR requires any personal data used to be “adequate, relevant, and limited to what is necessary for the purposes for which it is processed.”[137] In the context of the NFL, the league must limit its storage of player motion data to what is deemed necessary “for the purposes for which [it] is processed.”[138] This implies that an athlete’s biometric data should be deleted upon retirement, trade, or contract expiration.

(3) The Transparency Principle: Personal data must be “processed lawfully, fairly and in a transparent manner in relation to the data subject.”[139] This means that athletes have the right to receive “meaningful information about the logic involved” in “automated decision-making.”[140] Within the context of the NFL, although the collective bargaining agreement requires consent from the players association,[141] disclosure would have to be made with the athletes themselves as well.

Beyond the fundamental principles, Article Six of the GDPR, which requires teams to obtain consent from an athlete prior to processing any personal data, is also highly relevant to the use of player motion data.[142] Additionally, under the GDPR, health data is qualified as a “‘special category’ of data,” which means that teams cannot process such data without first receiving explicit consent from the individual athletes.[143]

Although the legal landscape for wearable technology and player motion data is still developing, the GDPR presents a promising model for U.S. policymakers. The GDPR can provide compelling and persuasive guidance for the future of the NFL’s privacy protocols.[144] The GDPR has established a standard framework for how professional sports leagues handle the processing and sale of an athlete’s data, which has already started to impact how other international sports regulate player motion data.[145] While the NFL’s controlling regulatory scheme remains uncertain, the GDPR is particularly relevant to the NFL because (1) the GDPR serves as a potential model that some U.S. states have started to copy, and (2) other professional sports leagues have already adapted to comply with the GDPR, potentially establishing a standard for how organizations manage player biometric data.[146]

Legal Concerns Surrounding Player Motion Data

As wearable technology continues to evolve and gain popularity, the NFL continues to implement new applications. Embracing the league’s shift towards modern technology and analytics, NFL Commissioner Roger Goodell publicly stated in 2017 that “[w]hen we apply next-generation technology to advance player health and safety, everyone wins.”[147] While the NFL’s vast database of player motion data presents many potential advantages, the mass processing of players’ personal data raises several legal, ethical, and privacy issues. Katrina Karkazis and Jennifer Fishman, two prominent bioethicists, described the use of player motion data as having the potential to “reduce injuries, improve performance, and extend athletes’ careers.”[148] However, at the same time, the same data is at risk of compromising an athlete’s privacy and autonomy, having the potential to “disadvantage players in contract negotiations and to harm, and even cut short, athletic careers.”[149]

Although the technology has just recently been implemented, tensions have begun to rise regarding (1) who exactly owns the individual player’s biometric data, (2) whether teams should be able to use this highly personal information against players in contract negotiations, and (3) whether the highly sensitive information is appropriately protected.[150]

Intellectual Property and Data Ownership Concerns: Whose Data?

The rapid surge of wearable technology and biometric data has beneficially transformed how the NFL views player health, individual performance, and the players themselves. However, this unprecedented growth has simultaneously created unprecedented regulatory issues and concerns.[151] While the NFL and its players want to maximize the commercial potential of player motion data, there are conflicting interests that spark debate over individual stakeholders’ rights. For example, the NFLPA’s partnership with WHOOP allowed players to commercialize their performance data for the first time; however, WHOOP’s partnership does not extend to the NFL league office or any of the thirty-two teams.[152] As a result, players who wear WHOOP’s tracking wristband during games and, depending on team rules, during practices, technically violate the NFL’s dress code and risk monetary fines.[153]

The primary reason for these sanctions harkens back to the NFL league office’s 2014 partnership with Zebra Technologies and their RFID chips.[154] Considering that the deal between Zebra Technologies and the NFL league office gives the league control of the tracking data, the NFL, not the NFLPA, has sole ownership of the databases.[155] Although WHOOP’s tracking wristbands and Zebra Technologies’ RFID chips can differ in functionality and in the scope of data collected, they both collect data that greatly overlaps, which can cause conflict between the NFL and the NFLPA.[156] Based on the CBA and other independent partnerships with third parties, both the NFL and the NFLPA theoretically have some commercialization right over player tracking data.[157] However, because of other league rules, like mandatory team uniform policies that restrict player autonomy through a dress code, the players’ practical ability to exercise these rights can be hindered.[158]

When players participate in non-official functions, such as individual training or personal activities, the freedom to exercise data ownership rights more clearly tilts in favor of the players.[159] Most notably, in 2015, NFL teams attempted to monitor players’ sleeping habits, and the NFLPA filed a grievance suit against the NFL, explaining that “such use violates the Collective Bargaining Agreement[,]” because the sensors collected data that was not part of official NFL games or practices.[160] The NFLPA’s victory created a potential market for players to financially benefit beyond the league office’s confined jurisdiction because, after the grievance, teams were required to obtain approval from the NFLPA to use tracking systems for unofficial league activities.[161]

In examining the intellectual property and data ownership issues revolving around player motion data, the recent evolutions in the CBA have remedied many initial concerns. By distinguishing a player’s formal activities, such as games and practices, from a player’s personal activities, the new CBA has helped alleviate some ambiguity regarding ownership of player motion data. As a result, the CBA provides a bright-line rule that confers the right to commercialize specific datasets based on the activity a player is involved in. In terms of commercialization, while this balance does appear to favor the NFL league office, since players only retain full ownership of data tracked during non-NFL affiliated activities the CBA does create a fair avenue for players to exercise sole ownership of certain types of data.[162] From a bioethical, autonomy, and brand marketability perspective, sole ownership is a compelling opportunity for players to make their own decisions regarding their data. Throughout the past decade, tremendous progress has been made regarding the commercialization rights of the NFL and its players. As technology evolves, it is very possible that the players may find new, lucrative ways to exercise their ownership rights. However, in the meantime, the NFLPA appears to be working hard to carve out ownership rights for its players and continue to impede the league’s attempts to infringe on these rights.

Contract Negotiations Concerns

The data obtained from RFIDs and the NFL’s new wearable technology has been highly touted for providing teams a distinct advantage against opposing teams; however, this advantage could also be used against the players themselves.[163] Although the NFL and its teams often emphasize the benefits of the league’s databases of biometric information, “players are apprehensive that biometric and performance data might be used against them—primarily during contract negotiations.”[164] Traditionally, motion data was collected without player consent making the information a one-sided tool used to exploit players during contract negotiations.[165] In a league that constantly focuses on minute details, any data indicating diminished workload intensity, reaction time, or injury recovery time could cost a player a shot at a roster spot or millions of dollars when negotiating a second contract.[166]

While the appearance of diminished physical capabilities or general statistical decline from year to year could have been cause for concern in previous decades, the ability to pinpoint and measure a player’s precise moment of decline provides teams with a unique advantage in evaluating players. Requiring player consent may protect against unwanted inquiries, but once players have consented to use these wearable devices, players should still be concerned about their teams having unfettered access to their personal information. The NFL players and the NFLPA have openly stated that they believe that “the players should be guardians of their own health and performance data” and that teams must “first get consent from the union” before using these devices.[167]

Therefore, the NFLPA’s new CBA in 2020 that prohibited teams from using biometric data during contract negotiations, marked a massive victory for player empowerment and willingness to use wearable technologies.[168] This enormous win for the NFLPA represents a gigantic step in the NFL’s player empowerment movement and could signal positive momentum regarding future regulation of player motion data. Beyond the financial opportunities, the new CBA could also potentially alleviate many of the initial concerns around wearable technology, representing a massive win for the expansion of the technology. The league’s progress in addressing the use of player motion data in contract negotiations assuages many bioethicists’ concerns and indicates that the NFLPA is working to ensure that player data rights are safely managed and shared.[169] In the future, if the league continues to expand its use of wearable technologies, barring this data from being leveraged against the players will help to eliminate some of the unethical and disincentivizing obstacles that previously plagued the players.

As a result, future NFLPA CBAs and protocols on wearable technology should look to maintain this prohibition on data use.

Data Protection and Privacy Concerns

Considering that the NFL has only scratched the surface of wearable technologies, the risk of player biometric data being used in potentially adverse manners presents a valid future concern. As a result, the NFLPA and players alike look forward to the commercial benefits, but are wary of potential data abuse.[170] As the league increasingly relies on wearable technologies, Katrina Karkazis and Jennifer Fishman emphasized that it must ensure that it does so “judiciously, responsibly, and ethically.”[171] While concerns about who can sell and commercialize player motion data are essential, how that data is stored and the privacy implications are equally as pressing.

In traditional medical settings, patient health and biodata would be protected by privacy legislation, but other than the NFL’s CBA, the privacy laws that govern professional athletes are scarce.[172] This issue is complicated because the same biometric data is commercialized and presented to consumers in services such as NGS.[173] Courts have previously ruled that athletes have reduced privacy expectations due to the frequency with which their private information is shared through physical examinations.[174] Thus, due to the nature of their professions, NFL players enjoy different privacy rights and expectations than the average person.[175] Notably, the NFL can sell the same biometric data protected by HIPAA or the GDPR to broadcast partners, video game affiliates, and fantasy sports platforms.[176] As a result, the further wearable technology advances the greater the range of trackable data, and the need to establish protections for player biometric data increases exponentially.

While most of the focus on the regulations regarding player motion data pertains to commercialization rights and revenue sharing, the risk of improper data management and privacy concerns cannot be ignored.[177] Especially with the new CBA and the NFLPA’s deal with WHOOP, as the data becomes more lucrative for the players, it can also increasingly grow more invasive.[178] The modern state of wearable technologies has presented players with a conflict of self-interest where players can sell away their privacy.[179] Art Caplan, director of NYU’s Division of Medical Ethics, expressed concern on behalf of the players, cautioning that powerful conclusions can often be drawn from even the most seemingly harmless sets of information.[180]

The NFL has dramatically expanded their players’ data ownership and commercialization rights. However, progress must continue on the security and privacy front. For example, although WHOOP’s privacy policies emphasize that the data obtained and shared with third parties is anonymized to protect the athletes, the unique identifiable qualities of a professional athlete’s biometric data allows the information to more easily be traced back to the athlete who contributed that data.[181] Furthermore, the increasing value of this data for marketing, competitive advantage, and sports betting purposes raises the incentives for hackers and other nefarious actors to try to gain access to this information.[182] For example, in 2014, in hopes of gaining a competitive advantage, a scouting director for the St. Louis Cardinals hacked into the Houston Astros’ internal database, which housed an immense volume of data on every player in the organization and every metric on the team’s radar.[183] A former MLB GM compared these databases to a team’s “magic formula” that contained “all the medical records [and] lots of other confidential information” that informs a team’s decision-making about players.[184] With modern technology tracking more data than ever before, the increased risk of breach of anonymity and privacy for NFL players means the league should prioritize player privacy when developing data security guidelines.

Considering this technology is still very new, no perfect framework has been established. However, the league can build around specific privacy guidelines in the future. With the knowledge that the GDPR already regulates major European leagues, the NFL can look to the GDPR’s accuracy, data minimization, and transparency principles for inspiration.[185] Future NFL regulations on player motion data can help protect player privacy by making sure the data obtained is limited to what is absolutely necessary for the intended commercial uses while diminishing the risk of extraneous personal information being stored. Furthermore, increasing transparency can help educate players on the dangers of commercializing their biodata and equip them with the knowledge to give informed consent about selling their privacy.

Since the U.S. has yet to adopt its own comprehensive privacy framework to regulate athlete biodata, sports leagues have the potential to lead the way. The NFL’s various partnerships and updates in its CBA have positively shaped the current regulatory state of wearable technology in the NFL and the U.S. Although still in the initial stages, the league is moving in the right direction by including provisions to limit the use of player data in contract negotiations and allow players to commercialize their data.

Conclusion

Although the U.S.’s efforts towards creating a framework surrounding professional athletes’ biometric data, the landscape is still developing. Despite the progress made in this area, this kind of sensitive data still falls within a legal gray area that fails to address the privacy rights of professional athletes neatly.[186] Professional athletes’ biometric data, especially as it becomes more performance-related, is not directly addressed by any current federal employment or health information laws; this area has relied mainly on player unions and CBAs to push for tighter regulations.[187] Although the tremendous progress in the recent years is promising, to maximize the use-cases of player motion data, it is imperative that the NFL’s future regulations continue to account for the privacy rights of its players. The NFL’s recent CBA demonstrates that the league is conscious of these privacy interests, and future regulations must reaffirm this sentiment.

  1. Taylor Bechtold, How the Analytics Movement has Changed the NFL and Where it has Fallen Short, Opta Analyst (Apr. 8, 2021), https://theanalyst.com/na/2021/04/evolution-of-the-analytics-movement-in-the-nfl/ [https://perma.cc/QC98-76SE].
  2. Id.
  3. Seth Sandler, NFL, MLB, NHL, MLS & NBA: Which Leagues and Players Make the Most Money?, Bleacher Rep. (Mar. 18, 2012), https://bleacherreport.com/articles/1109952-nfl-mlb-nhl-mls-nba-which-leagues-and-players-make-the-most-money [https://perma.cc/S4EF-7FQ2].
  4. Tom Silverstein, NFL Slow to Embrace Analytics for Draft, Milwaukee J. Sentinel (Apr. 21, 2016), https://www.jsonline.com/story/sports/nfl/draft/2016/04/22/nfl-slow-to-embrace-analytics-for-draft/84959014/ [https://perma.cc/5LN4-CUN2].
  5. Id.
  6. Taylor Bechtold, State of Analytics: How the Movement Has Forever Changed Baseball – For Better or Worse, Stats Perform, https://www.statsperform.com/resource/state-of-analytics-how-the-movement-has-forever-changed-baseball-for-better-or-worse/ (last visited Jan. 20, 2025). [https://perma.cc/Z8KX-KLK6].
  7. Matt Snyder, Why Major League Baseball Does Not Need a Salary Cap for the Sake of Parity, CBS Sports (Feb. 14, 2022), https://www.cbssports.com/mlb/news/why-major-league-baseball-does-not-need-a-salary-cap-for-the-sake-of-parity/ [https://perma.cc/TY5S-HUNZ].
  8. Id.
  9. Id.
  10. Bechtold, supra note 1.
  11. Robert Skorochocki, ”’Moneyball’“ Review: Does It Work?, Bleacher Rep. (Jan. 28, 2009), https://bleacherreport.com/articles/116510-moneyball-review-does-it-work [https://perma.cc/SYS2-XQ93].
  12. Id.
  13. Id.
  14. Id.
  15. Id.
  16. From Touchdowns to Algorithms: How AI is Used in the NFL, Inclusion Digital Transformation (Mar. 29, 2023), https://inclusioncloud.com/insights/blog/ai-nfl [https://perma.cc/4PJP-KEWB].
  17. Id.
  18. Id.
  19. Jeffrey Heimgartner, The Tech. Behind the NFL’s Incredibly Precise States, Engineering (Dec. 21, 2021), https://www.engineering.com/story/the-technology-behind-the-nfls-incredibly-precise-stats [https://perma.cc/5C6S-WGB8].
  20. Id.
  21. Libby Plummer, NFL Players Will Soon Be Able to Sell their Own Fitness Data, Wired (Apr. 26, 2017), https://www.wired.co.uk/article/nfl-players-sell-data [https://perma.cc/2XF3-DELM].
  22. Virgil Carter & Robert E. Machol, Operations Research on Football, 19 Operations Res. 541 (1971).
  23. Id.
  24. Bechtold, supra note 1.
  25. Id.
  26. Id.
  27. Id.
  28. Sam Fortier, The NFL’s Analytics Movement Has Finally Reached the Sport’s Mainstream, The Washington Post (Jan. 16, 2020), https://www.washingtonpost.com/sports/2020/01/16/nfls-analytics-movement-has-finally-reached-sports-mainstream/, [https://perma.cc/ZR37-2EBY].
  29. Bechtold, supra note 1.
  30. See id.
  31. Id.
  32. Id.
  33. Id.
  34. Id.
  35. Id.
  36. Silverstein, supra note 4.
  37. Fortier, supra note 28.
  38. Bechtold, supra note 1.
  39. See id.
  40. Id.
  41. Id; Garrett Podell, NFL’s Top Runningbacks Hold Private Meeting to Discuss Next Steps in Diminishing Market, Per Report, CBS SPORTS (July 23, 2023), https://www.cbssports.com/nfl/news/nfls-top-running-backs-hold-private-meeting-to-discuss-next-steps-in-diminishing-market-per-report/, [https://perma.cc/6XS3-9AB7].
  42. Podell, supra note 41.
  43. Id.
  44. Id; DeArdo, Bryan “Austin Ekeler Staying with Chargers in 2023 after $1.75M in Incentives Added to Contract; Here’s What They Are,” CBS Sports (May 24, 2023) https://www.cbssports.com/nfl/news/austin-ekeler-staying-with-chargers-in-2023-after-1-75m-in-incentives-added-to-contract-heres-what-they-are/, [https://perma.cc/4VMV-8FUT].
  45. DeArdo, supra note 44.
  46. Id.
  47. Id.
  48. Podell, supra note 41.
  49. Id.
  50. See id. (“’[F]ranchise tag figures have all increased for quarterbacks ($21.2 million in 2017 to $32.4 in 2023), wide receivers ($15.6 million in 2017 to $19.7 million in 2023), offensive linemen ($14.2 million to $18.2 million), defensive ends ($16.9 million in 2017 to $19.7 million in 2023) and cornerbacks ($14.2 million in 2017 and $18.1 million in 2023).’”).
  51. Id.
  52. Bechtold, supra note 1.
  53. Id.
  54. Darrell M. West, How the NFL is Using AI to Evaluate Players, Brookings (Mar. 18, 2021), https://www.brookings.edu/articles/how-the-nfl-is-using-ai-to-evaluate-players/ [https://perma.cc/SFB2-VUJZ].
  55. Heimgartner, supra note 19.
  56. Id.
  57. Id.; NFL Football Operations, NFL Next Gen Stats, https://operations.nfl.com/gameday/technology/nfl-next-gen-stats/[https://perma.cc/CV2D-YRGB].
  58. NFL Football Operations, supra note 57.
  59. Fortier, supra note 28.
  60. Ted Nguyen, Behind the AI Magic that Lets Amazon’s Prime Vision Show the NFL Like Never Before, Athletic (Oct. 19, 2023), https://theathletic.com/4969578/2023/10/18/thursday-night-football-amazon-prime-vision/ [https://perma.cc/2ACB-BD3Y].
  61. Id.
  62. Heimgartner, supra note 19.
  63. Id.
  64. Id.
  65. Why Do Football Players Wear GPS Vests?, Catapult One, https://one.catapultsports.com/blog/why-do-soccer-players-wear-gps-vests/ (last visited Feb. 2, 2025) [https://perma.cc/VEB3-CARH]; Heimgartner, supra note 19.
  66. Heimgartner, supra note 19.
  67. Using Artificial Intelligence to Advance Player Health and Safety, Nfl: Player Health & Safety (Dec. 5, 2019), https://www.nfl.com/playerhealthandsafety/equipment-and-innovation/aws-partnership/using-artificial-intelligence-to-advance-player-health-and-safety [https://perma.cc/8BNT-6SFY].
  68. Id.
  69. Id.
  70. West, supra note 54.
  71. Id.
  72. Dhruv R. Seshadri et al., Wearable Technology and Analytics as a Complementary Toolkit to Optimize Workload and to Reduce Injury Burden, 2 Frontiers in Sports and Active Living, 21 Jan., 2021, at 1, 2-3.
  73. Id. at 1-2.
  74. Id. at 1-2.
  75. Eben Novy-Williams, Dallas Cowboys’ Ezekiel Elliot Runs 21 Miles an Hour, But Who Owns That Data?, Bloomberg: Business (Jan. 8, 2019), https://www.bloomberg.com/news/articles/2019-01-08/cowboys-elliott-runs-21-miles-an-hour-but-who-owns-that-data?, [https://perma.cc/PL8T-FRJE].
  76. Joseph J. Lazzarotti et al., As Wearable Technology Booms, Sports and Athletic Organizations At All Levels Face Privacy Concerns, JacksonLewis: Workplace Priv., Data Mgmt. & Sec. Rep. (Apr. 5, 2019), https://workplaceprivacyreport.com/2019/04/articles/health-information-technology/as-wearable-technology-booms-sports-and-athletic-organizations-at-all-levels-face-privacy-concerns [https://perma.cc/LXH2-ZWXE].
  77. Id.
  78. Id.
  79. Id.
  80. Plummer, supra note 21.
  81. NFL Collective Bargaining Agreement, art. 51, § 14 (2024), https://overthecap.com/collective-bargaining-agreement/article/51/section/14; NFL COLLECTIVE BARGAINING AGREEMENT, Table of Contents (2024), https://overthecap.com/collective-bargaining-agreement [https://perma.cc/4RGV-3S62].
  82. See generally Anthony Studnicka, The Emergence of Wearable Technology and the Legal Implications for Athletes, Teams, Leagues and Other Sports Organizations Across Amateur and Professional Athletics, 16 DePaul J. Sports L. & Contemp. Probs. 195, 199 (2020).
  83. Liz Mullen, Sensor Tech has Attention of Leagues, Unions, Sports Bus. J. (Nov. 2, 2015), https://www.sportsbusinessjournal.com/Journal/Issues/2015/11/02/Labor-and-Agents/Sensors.aspx [https://perma.cc/W8ZA-CE82].
  84. Id.
  85. Id.
  86. Plummer, supra note 21.
  87. Id.
  88. Id.
  89. NFLPA Takes Ownership Stake in Sports Data Labs, Signs Groundbreaking Partnership to Transform Monetization Opportunities for NFL Player Performance Data, NFLPA: Licensing & Marketing (Jun. 28, 2022), https://nflpa.com/partners/posts/nflpa-takes-ownership-stake-in-sports-data-labs-signs-groundbreaking-partnership-to-transform-monetization-opportunities-for-nfl-player-performance-data [https://perma.cc/RBL7-3QFM].
  90. Wesley Ghasem et al., Player Tracking Technology and Data for Injury Prevention in the National Football League, 20 Current Sports Med. Rep. 436, 438 (2021).
  91. Id. at 438.
  92. Studnicka, supra note 82, at 199.
  93. Id.; Ghasem, supra note 90, at 438.
  94. Ghasem et al., supra note 90, at 438.
  95. See id.
  96. Studnicka, supra note 82, at 201.
  97. Id. at 210.
  98. Id. at 210-211.
  99. Id. at 200.
  100. See FED. TRADE COMM’N, Data Brokers: A Call for Transparency and Accountability, (May 2014), at viii, https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf [https://perma.cc/5MBP-UBS6]. (““With respect to data brokers that sell marketing products, the Commission recommends that Congress consider legislation requiring data brokers to provide consumers access to their data, including sensitive data held about them, at a reasonable level of detail, and the ability to opt out of having it shared for marketing purposes.”“).
  101. Health & Hum. Servs. Summary of the HIPAA Privacy Rule at 1, https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html, (last visited Dec. 19, 2024), [https://perma.cc/4MQ3-Z8UK].
  102. Id.
  103. Casey Yang, Biometric Data in Sports Could be Subject to Biometric Privacy Laws, Cal. Law. Assoc., https://calawyers.org/business-law/biometric-data-in-sports-could-be-subject-to-biometric-privacy-laws/ (last visited Feb. 24, 2024) [https://perma.cc/2FPX-9CHP].
  104. Id.
  105. Studnicka, supra note 82, at 209.
  106. See Yang, supra note 103.
  107. Russell Perdew, Biometric Information Privacy Act (BIPA): A Checklist for Defendants, JD Supra (Nov. 10, 2017), https://www.jdsupra.com/legalnews/biometric-information-privacy-act-bipa-32984/ [https://perma.cc/AK7E-ZVE7]; See also Yang, supra note 103.
  108. See Yang, supra note 103.
  109. Id.
  110. Cal. Civ. Code § 1798.140(c)
  111. See Lazzarotti et al., supra note 76; See also Yang, supra note 103.
  112. See Josh Nadeau, How the CCPA is Shaping Other State’s Data Privacy, Sec. Intel. (Dec. 23, 2022), https://securityintelligence.com/articles/how-ccpa-shaping-states-data-privacy/ [https://perma.cc/9Z4Q-QYWJ].
  113. See id.
  114. California Consumer Privacy Act (CCPA), State of Cal. Dep’t. of Just. (Mar. 13, 2024), https://oag.ca.gov/privacy/ccpa [https://perma.cc/89ZN-J3WW].
  115. Nadeau, supra note 112.
  116. Lazzarotti et al., supra note 76.
  117. Kung Feng, Overview of New Rights for Workers under the California Consumer Privacy Act, UC Berkeley Lab. Ctr. (Dec. 6, 2023), https://laborcenter.berkeley.edu/overview-of-new-rights-for-workers-under-the-california-consumer-privacy-act/ [https://perma.cc/8SDP-ULWP].
  118. See JC Tretter, Protecting the Rights of Football Players, NFLPA, https://nflpa.com/posts/misconceptions-around-football-and-coronavirus, (last visited Dec. 19, 2024) [https://perma.cc/4LAR-4X33], (defining NFL players as employees of their respective NFL teams); See also Lazzarotti et al., supra note 76.
  119. See Lazzarotti et al., supra note 76.
  120. Id.
  121. See id.
  122. Id.
  123. Studnicka, supra note 82, at 217.
  124. See Lazzarotti et al., supra note 76.
  125. Id.
  126. See generally id.
  127. Josh Langeland, GDPR in the US: Compliance Simplified for Businesses, Termly (Nov. 4, 2024), https://termly.io/resources/articles/gdpr-in-the-us/ [https://perma.cc/UN6K-JJNJ].
  128. Id.
  129. Id.
  130. Jan De Bruyne & Michiel Fierens, Towards a New Research Line on Artificial Intelligence and Sports at CiTiP: General Overview, Ku Leuven: CiTiP (June 18, 2020), https://www.law.kuleuven.be/citip/blog/towards-a-new-research-line-on-artificial-intelligence-and-sports-at-citip-general-overview/ [https://perma.cc/9UMX-VSNE].
  131. Lazzarotti et al., supra note 76.
  132. The six principles include: (1) the accuracy principle, (2) the data minimization principle, (3) the transparency principle, (4) storage limitation, (5) the purpose limitation principle, and (6) the integrity and confidentiality principle. See Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1, 35-36 [hereinafter GDPR]; see also Jan De Bruyne & Michiel Fierens, “Towards a New Research Line on Artificial Intelligence and Sports at CiTiP: Some Preliminary Legal and Ethical Issues” (June 23, 2020) https://www.law.kuleuven.be/citip/blog/towards-a-new-research-line-on-artificial-intelligence-and-sports-at-citip-some-preliminary-legal-and-ethical-issues/ [https://perma.cc/2L73-NRTX]
  133. See generally De Bruyne & Fierens, supra note 132.
  134. Id.
  135. See generally id.
  136. Id.
  137. GDPR, supra note 132, at 35.
  138. Id.
  139. Id.
  140. Id. at 43.
  141. See Ghasem et al., supra note 90, at 438.
  142. De Bruyne & Fierens, supra note 132.. Id.
  143. Id.
  144. See generally Lazzarotti et al., supra note 76.
  145. See generally De Bruyne & Fierens, supra note 132 (describing how the GDPR applies when automated decision-making is used in sports).
  146. See generally Lazzarotti et al., supra note 76.
  147. Ghasem et al., supra note 90, at 436.
  148. Tom Taylor, Football’s Next Frontier: The Battle Over Big Data, Sports Illustrated (Jun. 27, 2017), https://www.si.com/nfl/2017/06/27/nfl-football-next-frontier-battle-big-data-whoop-nflpa [https://perma.cc/ZUS2-JP74].
  149. Id.
  150. Id.
  151. Ian McMahan, The Tricky Ethics of the NFL’s New Open Data Policy, Wired (Mar. 29, 2018), https://www.wired.com/story/the-tricky-ethics-of-the-nfls-new-open-data-policy/ [https://perma.cc/PD7D-4ZRB].
  152. Taylor, supra note 148.
  153. Id.
  154. Id.
  155. Id.
  156. Id.
  157. Id.
  158. Id.
  159. See id.
  160. Id.
  161. Id.
  162. Id.
  163. McMahan, supra note 151 (describing how players are apprehensive their performance data may be used against them).
  164. Id.
  165. Asli Pelit, Harnessing the Power of Personal Data, Stars Score Record-Breaking Contracts, Sportico (July 30, 2021, 12:01 AM), https://www.sportico.com/business/tech/2021/harnessing-the-power-of-personal-data-stars-score-record-breaking-contracts-1234635796/ [https://perma.cc/WWJ6-3AWK].
  166. McMahan, supra note 151 (““RFID data that highlights diminished acceleration or reaction time might cost a player when it comes time to keep a roster spot or goatee a contract.”“).
  167. Id.
  168. Ghasem et al., supra note 90, at 438.
  169. Taylor, supra note 148.
  170. Id.
  171. Id.
  172. Ghasem, et al., supra note 90, at 438.
  173. Id.
  174. See Brennan v. Bd. Of Trustees, 691 So.2d 324, 329 (La. Ct. App. 1997) (“After discussing aspects of communal undress, the necessity of physical examinations, as well as the fact that student-athletes share personal information with their coaches and trainers on a routine basis, the court concluded that student-athletes have a diminished expectation of privacy.”)
  175. Id.
  176. Taylor, supra note 148.
  177. See generally Taylor, supra note 148.
  178. Taylor, supra note 148.
  179. Id.
  180. Id.
  181. See id. (“In WHOOP’s privacy policy, the company stresses that data shared with third parties will be anonymized to protect the user. However, ‘due to its identifying qualities, [athlete biometric data] inherently identifies the athlete who contributed it,’ lawyer Kristy Gale wrote last year in a two-part series published in Arizona State’s Sports & Entertainment Law Journal.”)
  182. Jennifer Park, Biometric Data Collection in Professional Sports Reveals Holes in Privacy Law, Colum. J. L. & Arts (Feb. 17, 2024), https://journals.library.columbia.edu/index.php/lawandarts/announcement/view/685#_ftnref6 [https://perma.cc/V6Q3-AN83].
  183. Johnette Howard, Why Astros’ Sophisticated Database Would be Worth Hacking, Espn (Jun. 18, 2015), https://www.espn.com/mlb/story/_/id/13106874/why-houston-astros-database-worth-hacking [https://perma.cc/CUB9-FEVF].
  184. Id.
  185. Lazzarotti et al., supra note 76.
  186. Barbara Osborne & Jennie L. Cunningham, Legal and Ethical Implications of Athletes’ Biometric Data Collection in Professional Sport, 28 Marq. Sports L. Rev. 37, 58 (2017).
  187. Id.

 

Scroll to Top