Now more than ever, access to quality data translates to monetization opportunities and this is especially true in the world of collegiate and professional sports.  In the past two decades, data analytic tools measuring athlete health and performance have come a long way, and now, it is not just players or teams that stand to potentially profit.  In particular, the advent of wearable technology has produced a sports biometrics boom that could soon become a gold rush for players, teams, universities, and companies looking to use or sell biometric data.

However new opportunities also usher in new risks, and anyone interested in taking part will need to keep abreast of a regulatory environment that has yet to fully take shape.

How This Came to Be

Merriam-Webster defines biometrics as “the measurement and analysis of unique physical or behavioral characteristics (such as fingerprint or voice patterns) especially as a means of verifying personal identity.”  Much of the press coverage surrounding biometrics concerns issues related to facial recognition technology, but wearables also collect massive amounts of other physical data every day.

Wearables come in the form of watches, rings, and now even chest straps.  More than that, wearables no longer simply count our steps.  Today, they can measure our heart rate, temperature, respiration, blood pressure and even our REM sleep cycles.  Many athletes—particularly those at the highest level of their sports—have adopted wearables in the quest to learn more about their bodies and to measure and track their health.  For instance, many baseball players now have the option of wearing a sleeve that measures elbow stress.  When millions of dollars depend on a pitcher avoiding Tommy John surgery, it is no surprise players and teams want to use this technology.

While many athletes first started using wearables on their own volition, many teams and now even college programs have begun to encourage and sometimes even directly provide such wearables to their athletes.  Players today usually retain some level of freedom of choice when it comes to using wearables, but that choice may disappear as new collective bargaining agreements come forth.

In fact, some collective bargaining agreements now permit leagues to collect player data from wearables measuring a whole host of metrics such as a player’s acceleration, heart rate, blood oxygen, and even glucose levels among others.  Furthermore, not only can some leagues require its players to wear sensors that measure such data, some can also use this data commercially.

It’s Now Bigger Than Just Players & Teams

As a starting point, a number of professional leagues have now signed deals with wearable companies.  But even more importantly, legalized betting across the country has produced deals between major professional sports leagues and third-party betting organizations, and many of these deals will allow sportsbooks to create new betting categories using advanced real-time data.  With the increasing state by state legalization of gambling, some estimate that the market size of sports betting in the United States will grow to annual revenues of more than $15 Billion by 2025.

This means anyone reading this—provided you live in one of the nearly 30 states that have now legalized gambling—will likely soon be able to rely on players’ biometric data when making betting decisions.  In a few years, it’s not inconceivable to imagine that oddsmakers or bettors might look to biometric data concerning a player’s blood pressure or oxygen saturation to predict whether a key player has contracted an illness that will sideline him from a game.  Or perhaps basketball players might be wearing “smart” sleeves that track shooting mechanics and could thus help predict a bad shooting night.  Furthermore, in-game prop bets might even allow bettors to bet directly on the biometric data itself.  For instance, anyone might be able to directly bet on a player’s heart rate while shooting free throws.

Legal Considerations

The commercialization of sports biometrics invokes a number of legal questions.

Who owns this data?

Presumably, individual players own the biometric data recorded on their personal wearables.  But these rights can be signed away as part of a league’s collective bargaining agreement or in a player’s contract with his or her team.  Alternatively, if a team lends wearables to its players, the teams could possibly claim ownership over the data.  Or, another way players may lose ownership over their data is if they sell it to a third party.  However, if a player sells its data knowing it could lead to asymmetric information impacting betting markets, sharing such information could possibly be construed as impermissibly facilitating gambling, and thus could be in violation of its league rules.

What Responsibilities Come With Accessing or Acquiring Another’s Biometric Data?

If teams or universities gain ownership over player biometric data, it remains unclear what responsibilities they will assume.  For instance, some posit that biometric data is not governed by the Health Insurance Portability Act (or HIPAA), while others suggest it does and that teams’ medical staffs might have to comply with HIPAA’s privacy and security rules.  In addition, access to a player biometric data might impose legal obligations to inform the player of any data suggesting a health concern.

Teams might also have to closely monitor and sometimes return or destroy biometric data.  For instance, in Washington State, “a person who knowingly possesses a biometric identifier of an individual that has been enrolled for a commercial purpose… (a) must take reasonable care to guard against unauthorized access to and acquisition of biometric identifiers that are in the possession or under the control of the person; and (b) may retain the biometric identifier no longer than is reasonably necessary.”  RCW 19.375.020(4).

Additional questions arise if a league sells player biometric data to a gambling operator but then the wearable produces faulty data that changes the outcome of a bet.  Even if aggrieved bettors do not have a strong case, they might nevertheless initiate a class action challenge against the wearable company, the league, and/or the gambling operator.

Does the Right of Publicity Apply?

Many states have right of publicity statutes that bar the use of a figure’s likeness in a commercial context without consent.  For instance, California’s Civil Code Section 3344 imposes liability on “any person who knowingly uses another’s name, voice, signature, photograph, or likeness” for commercial gain without consent.  § 3344(a).  If biometric data can reveal a player’s distinctive traits or mannerisms, the right of publicity might protect the player from the unconsented commercial use of such player’s likeness.

On the other hand, use of a player’s likeness might be deemed “newsworthy” and protected on First Amendment grounds.  In Daniels v. FanDuel, Inc., 109 N.E.3d 390, 398 (Ind. 2018), the Indiana Supreme Court—interpreting Indiana’s right of publicity statute—held that gambling websites’ use of athlete statistics in their fantasy sports offerings was protected on First Amendment’s “newsworthy” grounds.  However, unlike traditional statistics that any third-party could observe (e.g. batting average), biometric data can reveal information and patterns hidden to any third-party observer of a player’s performance (e.g. a low heart rate when shooting free throws in the fourth quarter).  While a player whose shockingly low heart rate in pivotal moments could be deemed newsworthy, this data will only be available if the player publicly discloses it or otherwise sells the data to someone who does.

What About Biometric Privacy Laws?

Just as federal health privacy laws—according to some legal experts—might not control the collection of most athlete biometric data, state biometric laws might also not apply in the sports context.  Today, states such as Texas, Illinois, and others have biometric statutes in place that limit the definition of biometrics to “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry,” and these definitions might not encompass the type of biometric data currently collected by athletes and teams.

However, some state laws are beginning to broaden the scope when defining “biometrics.”  For instance, Washington State’s biometrics statute defines biometrics as “data generated by automatic measurements of an individual’s biological characteristics, such as a fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that is used to identify a specific individual.”  RCW 19.375.010 (emphasis added).  Going further, under the California Consumer Privacy Act, “biometric information” encompasses—among other things—an individual’s “gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.”  CA Civ Code § 1798.140(b).

Given the widespread use of biometrics in sports is only now beginning to gain more understanding, it is possible future statutes might continue to broaden their scope or perhaps even expressly include the types of biometric data common in sports.

Reminders Going Forward

The law is still catching up to the commercialization of biometrics in sports, but athletes, teams, and companies looking to cash in on the monetization of this data should remember that these opportunities are not without risk.  While the legal issues mentioned above are numerous, they are certainly not exhaustive and it remains to be seen how courts apply new or currently existing laws in this particular context.  In the interim, anyone whose data may be used or anyone who wishes to use such data should seek out legal guidance as each unique situation might require a custom approach.