Whose data is it anyway?

A data point is collected on an athlete for every sprint, jump, throw, press, and squat. A coach watched the data point performed and then recorded it using a company’s technology paid for by the university or organization. Thus, a complex narrative unfolds, who's data point is it? Does it belong to the coach who facilitated the test and programmed the workout? Is it the property of the school that pays for the timing gates? The head coach also brought the athletes to the campus to get recruited on their Junior Day and have their height, weight, and wingspan gathered. The company hosts the server where the data is housed, too. My personal, moral understanding and intuition tell us that it belongs to the athlete who did the sprinting and jumping and whose metrics were gathered, BUT, where do we draw the line when it comes to discussing these data points in War Rooms, contract negotiations, when a proud coach posts a PR on social media, or when a department switches up their tech? When I asked other coaches their thoughts, they had a different intuitive answer. If everyone’s understanding of data ownership is up for interpretation and different, how do we safeguard and ensure the ethical use of non-medical information? 

Learning Your ABDs

The first publication I came across in my research for this blog was from the Sports Business Journal on the eve of the 2017 MIT Sloan Sports Analytics Conference. The Sports Industry’s New Power Play: Athlete Biometric Data Domination highlights biometric data specifically for professional sports. It discussed “ABD” or athlete biometric data. This data, which is not new in a world of AI and augmented reality, is "property owned by the athletes and is subject to privacy and intellectual property rights". Now this is not the data that gets thrown on baseball cards or as you make your picks for your fantasy leagues. The biometric data and biodata are granular metrics and are unique to an individual, and thus identifiable and fall within the scope of image and likeness laws. For college athletes, the NCAA has not created a policy regarding the sale or licensing of ABD that is not already available to the public (think data not on the team website), but if you work/worked in the collegiate setting, you are aware of FERPA - Family Educational Rights and Privacy Act - which protects:

Any record maintained by an institution that is directly related to a student or students. This record can contain a student’s name(s) or information from which an individual student can be personally (individually) identified.

No clause specifically covers “athletic performance information”. Whether athletic performance data falls under FERPA protection depends on how it is maintained and used by the educational institution. If the athletic performance data is maintained as part of the student's education records and is personally identifiable, then it is likely protected under FERPA. However, if the data is collected and maintained separately from education records and is not personally identifiable, it may not be subject to FERPA.

With biometrics and biodata collected by wearables, it makes sense that this intersects with health information privacy laws. Most of this data is used as a proxy of "health care" in return to play - further blurring the line between healthcare and player performance. But what about the case of connected devices and the analysis of these metrics being shared among stakeholders for purposes outside of advancing performance? 

Best way to get out of a headlock? Don’t get in one.

Internationally, the GDPR sets stringent guidelines for data processing, emphasizing consent and accountability. However, within the realm of sports, where power imbalances between athletes and coaches exist, obtaining genuine consent becomes a challenge. For paid athletes, i.e. NFL players, current federal employment laws like the Americans with Disabilities Act and the Genetic Information Nondiscrimination Act restrict how employee health data can be used. However, at the widely viewed and hyped NFL Combine, what about players who are not yet employed by teams and not protected by the NFL Players Association and collective bargaining agreements? In medical waivers that are signed, players consent to share:

My entire health or medical record and Health Information about me relating to any injury, sickness, disease, mental health condition, physical condition, medical history, medical or clinical status, diagnosis, treatment, or prognosis from any source, including without limitation all written and/or electronic information or data, clinical notes, progress notes…

…you get the picture.

College athletes aren’t employees, are they covered under different protections that a player’s union has in place? There is precedent for protecting private information for college athletes, but what was hard to find was precedent for “breaches” of ABD information (I am willing to put money on landmark cases in the coming years for precedent to be set.) For collegiate athletes and underage athletes going on recruitment camps, if we follow the logic of FERPA, should “school officials with legitimate athletic performance interest” only be permitted data with a waiver that permits the sharing and use of recruiting camp data? Extending FERPA to cover performance data, including ABD, and implementing specific terms and conditions for athletes and coaches could offer additional protection and ensure informed consent regarding data usage.

This was a lot of terminology and hypothetical questions to set the stage. So let’s get into what this may mean for the boots-on-the-ground practitioner. Scenario: The team you are working with is coming off a few losses in a row. The head coach wants free-range access to the GPS data and your readiness dashboard to structure the next practice and add in some “supplemental” conditioning. Has this happened to you? I get it, Head Coach is stressed about the win-loss columns and their quick film analysis was that they’re slow and out of shape. How do you frame the conversation that needs to come next? Granting access to data while transparently communicating insights, including contextual factors influencing player readiness and performance, is essential. Additionally, implementing measures to prevent misuse of data, such as prohibiting punitive actions based solely on metrics like GPS data, is important in safeguarding athlete well-being. This is a seemingly super surface-level example and I want to say that all coaches have their athlete’s best interests at heart, but I am aware of places where this exact scenario has occurred. Let’s dive deeper into some of the tech coaches have their hands on. Think about the metrics that are gathered from your Apple Watch, your Oura, your Garmin. Imagine that thrown into a dashboard. Imagine that metric being looked at in a conference room, displayed on a screen. Imagine it being scrutinized and viewed by people who lack the context and training to make sure that metric stays private.

Third Parties

We have discussed FERPA, which keeps ESPN column writers from being able to access athletes’ grades without permission. But what about companies where terms and conditions and privacy policies vary when you implement them into your program? What I stress in this case is a thorough due diligence process. 

Moving Forward

I talk a lot of legal jargon and hypotheticals in this blog, let’s be clear, I don’t necessarily have the answers to the questions that I pose. Maybe this needs to be filed under things I have no business lending an opinion on. But hey, there are still people out there who think ladders are the best way to train agility. What I do know is that there is a need for clear policies and guidelines around the collection, ownership, and use of athlete biometric data, especially as new technologies and data sources become available. What I do suggest is that administrators, parents, coaches, and athletes should be knowledgeable and have a plan of action for any data that is collected and shared. What do we do in the meantime while we wait for waivers to be approved and legislation to be passed? What does this mean for strength and conditioning coaches, sport scientists, and the practitioner who is testing, collecting, and interpreting this information? As the people who are serving our athletes and have arguably the most interaction with them day in and day out, we have a lot of trust that is placed in us. We write the programming responsible for their development as people and athletes, we spot the bench they are under, we get to see them launch off a force plate, and more often than not we have the biggest insight into the life that is behind that readiness score. We need to have a standard for the collection of data, give athletes access to their data, educate them on how it is used, and present our findings in a way that serves their best interests.