By: Kate Donovan
Wearable technology is often used in college athletics to track athlete’s sleep, recovery, heart rate and other measurements to predict and regulate their performance. This technology— found in devices such as the Apple Watch, Fitbits, and Whoop— has become a staple in college athletics and many programs have invested in this technology to improve individual performance and prevent injury. However, with the use of this technology there is also the ability for coaches and staff to violate the privacy of their athletes. Some wearable technology can be worn all day and every day, which is often required by some athletic programs; meaning that even when athletes are not participating in their sport their biometric data is being tracked and stored. The collection of this biometric data can have implications on student-athletes privacy rights and liberties.
The regulation of biometric data is done largely at the state level, and at the federal level the National Biometric Information Privacy Act (NBIPA) was proposed in 2020 but not enacted by Congress. The (NCAA) has no regulations regarding biometric data making it even harder for student-athletes to be protected unless their state has enacted certain biometric data privacy protections. As of this point in time, the legal framework around biometric privacy protection exists from different state regulations such as California, Illinois, Virginia, Connecticut, and several other states. Since the start of 2023, eleven different states have proposed more protective privacy laws in an effort to regulate how biometric data is collected and how it can be used. One of the main elements that are being proposed is consent from the individuals whose data is being collected but also providing individuals on what their biometric data may be used for. A critical issue that athletes are facing is that they are unaware their biometric data is being used, stored, and sold by universities to profit without their consent. Without standardized regulations it is difficult to enforce biometric data protections when the commercial market for this data collection has been established and it is even harder to determine liability because the data has likely been bought and sold repeatedly.
The collection of this biometric data has become even more controversial because of a newer NCAA rule known as name, image, and likeness (NIL) that allows college athletes to profit off their own brand while still participating in college athletics. The use of wearable technology has also opened the door for brands to get a jump on the performance of different athletes while they are in college and predict what may be a good investment in the future. For example, wearable technology has allowed specific athletes to acquire brand deals for themselves and profit. In 2022, 17% percent of athletes at the Division 1 level profited from (NIL). Prior to (NIL) and currently, schools are represented by different brands such as Nike, New Balance, Adidas, etc. These brands have established contractual provisions that obligate colleges and universities to report their student-athlete’s biometric data as part of the overall brand deal. The distribution of this biometric data to brands outside the university blurs the lines of privacy for student-athletes. Once the brands acquire this data, they also have the ability to resell to other brands and make even more of a profit. Many college athletes are unaware of how long their data is being stored, what it is being used for, and the repercussions it could have on them. Additionally, it has given brands complete access to student-athlete biometric data with almost no liability. The fact is that student-athletes are largely unaware of this making it a violation of their personal privacy and liberties because all athletes now have the opportunity to profit off their own brand, but they may also want this information to remain private. This is one of the many motivating forces behind different states working to update their biometric privacy laws to impose greater liabilities and protect individuals.
One of the main proposed policies within the updated biometric privacy laws at the state level, is to enforce these laws through private action; meaning that private entities are responsible for the liability that they incur when they are sharing, selling, and profiting off individual’s biometric data. The liability that is being proposed by many of the state’s ranges from $1,000-$5,000 depending on the offense. A way to protect student-athletes is to require schools to provide more transparency in the biometric data collection process and get the consent of their student-athletes while also explaining the ways their information is being used. The collection of biometric data is private and personal, the same way that any medical and health information is personal and protected by (HIPPA), which requires the consent of the individual to share their personal health information.
When student-athletes are participating in their sport they are often learning from the data that is provided by these wearable devices. The original intention of wearable technology was to be used for good and allow athletes to improve in their sport but also provide staff with information to keep their athletes healthy. The same way that student-athletes consent to playing their sport, they should also be able to consent to their personal information such as biometric data being collected. Furthermore, student-athletes should also have the opportunity to profit from their biometric data the same way any brand or school is able to profit from this data because of the (NCAA) regulation known as (NIL). The goal of updating biometric laws at the state level is to provide consent and protection for those whose privacy is being infringed upon but also, to provide liability for the offenders. Once liability is imposed, it is likely that colleges and universities located in more protective states will step up and provide greater privacy regulations and the hope is that eventually the (NCAA) will provide more transparent privacy regulations for the student-athletes.
Student Bio: Kate Donovan is a second-year law student at Suffolk University Law School. She is a staff member for the Journal of High Technology Law. Kate received a Bachelor of Arts degree in Political Science and Psychology from Syracuse University in 2021.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School