Athletes data privacy concerns raise question of what counts as biometrics

Professional athletes have launched an initiative called Project Red Card to protect the privacy of their sports performance data, which may include biometrics.

The Athletic reports that more than 850 soccer players in the Premier League, EFL, National League and Scottish Premiership are collectively alleging the use of data on their physical state without a legal basis by over 150 companies. The players have been working with Slade, a group of lawyers and data specialists formed by former Cardiff City manager Russell Slade.

The data is referred to as ‘biometric’ by Legal Sports Report, but on further reflection, that characterization is called into doubt, with the publication referring to it as “observable performance data.” That would seem to indicate data more like running speed or calories burned than heartbeat biometrics. Any of the above, however, could be interpreted as personal data covered by GDPR.

In North America, Major League Baseball has banned the commercialization of player biometric data in its latest collective bargaining agreement with the Players’ Association, but the issue is dealt with differently in different sports.

The CBA of the National Women’s Soccer League is one of several that places ownership of player data at least partially with the players, SportTechie reports.

“Biometric Data is data or information collected in relation to the Player’s biological data, including but not limited to heart rate, heart rate variability, skin temperature, blood oxygen, hydration, lactate, glucose, readiness to play, or any derivative information,” the NWSL CBA reads. “Individually identifiable biometric data, performance, and testing results shall not be publicly disseminated or shared with a third party unless consented by the Player.”

Sportradar CEO Carsten Koerl tells SportTechie that the potential market for data collected by tracking devices worn on players is huge, and could include uses related to gambling. Questions around player rights and revenue sharing, he says, are a temporary barrier to its adoption.

What counts as biometrics?

While a person’s heartbeat can be used to identify them, the same is not true of total distance travelled, or some other performance metrics. Distance travelled is not even physiological data, making it a relatively easy case.

But what about heart rate measured during athletic performance? The data is physical and personal, and in theory could be used for identification, but it is collected for a different purpose and is not likely useful for carrying out fraud, such as through a presentation attack, even if heartbeat biometrics adoption increases substantially.

What about other data collected by health monitors and wearables?

Deciding what kind of data is in scope has been a topic of behind-the-scenes discussion at Biometric Update, so we would like to invite readers to offer their perspective on these questions in the comments below or through social media.

Article Topics

biometric data  |  biometric identifiers  |  biometric monitoring  |  biometrics  |  data privacy  |  data protection  |  fitness tracking  |  heartbeat biometrics  |  sports  |  wearables