Athlete data is more than just numbers and stats. It can provide very valuable insights into performance, health, injury risk and even mental state. Thanks to rapid developments in sports tech, sporting organisations (SOs) are increasingly using data to make decisions that affect the careers and lives of athletes (both positively and negatively) to give SOs the edge over their competition.
This has become an area of contention for athletes, with the realisation that some SOs have failed to meet their legislative obligations. Former NRL player Jamie Buhrer emphasised this point earlier this year during discussions relating to collective bargaining agreement negotiations between the Rugby League Players Association and the National Rugby League (NRL). The area has also been highlighted in the Australian Football League’s (AFL) Collective Bargaining Agreement 2023-2027, where the parties agreed that, within 6 months of execution of the Agreement, a full review of relevant parties’ compliance with the applicable privacy laws would be undertaken.
So, what laws govern the collection, use and disclosure of athletes’ data? In Australia, these issues are regulated by the Privacy Act 1988 (Cth) (the Act). Almost all elite SOs need to comply with the Act when they deal with athlete data (because they meet the definition of an APP entity in the Act).
Types of Information
The Act applies to, among other things, the collection, use, storage and disclosure of an individual’s ‘personal information’. Relevantly for the purposes of this article, included within the definition of personal information is ‘sensitive information’.
It is worth noting that the Act does not confer ownership of personal information to any person – it merely sets out how such information should be dealt with.
Personal Information
Section 6 of the Act defines personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
Examples of personal information includes an athlete’s name or address.
Sensitive Information
Section 6 of the Act also refers to sensitive information. Sensitive information includes, among other things:
Relevant to sports, sensitive information includes information regarding an athlete’s fitness level, body fat %, injuries, medical reports and other data obtained whilst training or playing.
Regulation of Personal Information
The collection, use and disclosure of an athlete’s personal information and sensitive information is largely regulated by section 15 of the Act, which prohibits SOs from breaching the Australian Privacy Principles (APPs). The APPs are a set of principles that provide athletes with specific rights over their information and place restrictions on SOs when dealing with athletes’ data. These rights and restrictions include:
Notification of the Collection of Personal Information
APP 5 requires SOs to notify athletes when they collect their personal information. In doing so, they are required to provide information including, but not limited to:
In practice, this is often set out in a SOs Privacy Policy.
Collection, Use and Disclosure
APP 3 states that a SO must not collect, use or disclose an athlete’s personal information or sensitive information unless it is reasonably necessary for their functions or activities. Further, APP 3 requires a SO to also obtain an athlete’s express consent to collect, use or disclose their sensitive information. Importantly, this consent must be:
It is this area that has been put under the spotlight in recent times, with some athletes/players’ associations alleging that SOs have not been collecting, using and disclosing sensitive information relating to athletes in the manner required pursuant to the Act. It is therefore now a major discussion point in CBA and other contract negotiations with athletes.
Access to Information
APP 12 provides athletes with the right to access their personal information held by a SO. This is not an unconditional right, and the SO may refuse to provide such access in certain circumstances.
Conclusion
Safeguarding athletes’ data in the modern age is a nuanced challenge. While advancing technologies empower organisations to make more impactful, informed decisions, they run the risk of infringing on athletes’ privacy rights. Navigating this legal landscape requires a conscientious adherence to the applicable regulations in order to balance data-driven decisions with athletes’ privacy, ensuring trust and integrity across Australian sports.
Director,
Hope Earle Lawyers and Advisors