big data big problems analysis of professional sport
play

BIG DATA, BIG PROBLEMS: ANALYSIS OF PROFESSIONAL SPORT LEAGUES CBAS - PowerPoint PPT Presentation

BIG DATA, BIG PROBLEMS: ANALYSIS OF PROFESSIONAL SPORT LEAGUES CBAS AND THEIR HANDLING OF ATHLETE BIOMETRIC DATA Sarah M. Brown June 25, 2019 Introduction The North American sports market is projected to reach $78.53 billion by 2021


  1. BIG DATA, BIG PROBLEMS: ANALYSIS OF PROFESSIONAL SPORT LEAGUES CBAS AND THEIR HANDLING OF ATHLETE BIOMETRIC DATA Sarah M. Brown June 25, 2019

  2. Introduction ■ The North American sports market is projected to reach $78.53 billion by 2021 (Statista, 2018). ■ Athlete biometric data (ABD) provides an opportunity to create new revenue streams for professional sports leagues, teams and athletes in addition to enhancing fan engagement and creating competitive advantageous. ■ Wearables have become ubiquitous within the five major professional sport leagues – At a minimum, each league has integrated wearables into athlete training, but the leagues’ understanding and protection of the data is still very limited.

  3. What is ABD and Why is it Important? ■ ABD is a subcategory of big data and it is any measurement or record used to identify people as individuals; identifiers may be physiological (heart rate, temperature) or behavioral. ■ https://www.si.com/nfl/2016/01/13/super-bowl-100-player- tracking-analytics

  4. Introduction Cont. ■ For professional sports to capitalize on these potential opportunities the leagues must effectively manage ownership , access , privacy, use, and security of such data. ■ Appropriate league management and security is critical because ABD is an attractive commodity, and when put into a digitized format it can easily become susceptible to cyber threats, putting the athletes at risk of loss of privacy.

  5. Purpose ■ Analyze and compare the protections for ABD set forth in the collective bargaining agreements (CBAs) of the NFL, NBA, MLB, NHL and MLS. ■ Discuss the potential gaps in protection and potential athlete exposure, as well as the applicability of federal and state laws to biometric data collection. ■ Discuss current state privacy laws and privacy laws abroad (General Data Protection Regulation).

  6. Potential Risks of ABD Collection ■ Three areas of potential risk: 1. Athlete whose data is being collected , ■ Athlete privacy and risk of misappropriation of ABD. – https://youtu.be/ug6SM5S2sIw – The most sophisticated wearable devices can collect up to one thousand data points per second. 2. Entity using the data (sport team), and 3. Vendor providing the wearable technology . ■ Security, including storage of ABD.

  7. National Basketball Association & ABD Governing Provision of ABD in NBA CBA Management • Team must provide an explanation of what the device will measure, what those measurements mean and the benefits to the player for obtaining such data. • Wearable committee created to establish security protocols, review and approve requests for wearable devices. Use • Voluntary; only approved devices. • In practice only. • Medical, on-court strategic decisions, and performance. Ownership N/A Privacy N/A Access • Player (full access); Team staff (full access). Security • Wearable committee sets cybersecurity standards. • Teams security standards approved by the wearable committee. • Commercial Use Wearable data may not be leveraged in contract negotiations; violation is a $250,000 fine. • Continue discussions in good faith about commercialized data. Definition • Measures movement information, biometric information, or other health, fitness and performance information.

  8. Major League Baseball and ABD Governing Provision of ABD In MLB CBA Management • Team must provide an explanation of the technology proposed. • Playing Rules Committee (PRC) has the authority to approve use and devices. • Wearable committee created and will meet biannually to discuss topics related to wearables. Use • Voluntary; only approved devices. • In practice and in game. • Medical and performance. Ownership N/A Privacy • Wearable data is treated as highly confidential; not part of player’s medical record. Access • Player (direct access); Team (listed personnel). • Player may request to restrict others access. Security • At player request, data is destroyed. • Commercial use is strictly prohibited. Commercial Use • Any device designed to collect and/or analyze data related to a Player’s health or performance. Definition

  9. Major League Soccer and ABD Management N/A Use Players may be required to wear a monitoring device in connection with training. Ownership N/A Privacy Performance measures may be publicly disseminated, without the Union’s approval. Access Team shares results with player. Security N/A Commercial Use N/A Definition Physiological Testing

  10. National Football League and ABD Governing Provisions of ABD in NFL CBA Management N/A Use • Voluntary; only approved devices. • In practice only. • Medical and performance. Ownership N/A Privacy N/A Access N/A Security N/A Commercial Use N/A Definition N/A

  11. National Hockey League and ABD Governing Provision of ABD in NHL CBA Management N/A Use N/A Ownership N/A Privacy N/A Access N/A Security N/A Commercial Use N/A Definition N/A

  12. Applicable Federal Law  Genetic Information Nondiscrimination Act (GINA)  Unlawful employment practice for any employment agency to discriminate against an individual because of genetic information.  Health Insurance Portability and Accountability Act of 1996 (HIPPA)  HIPPA does regulate some biometric data, but various definition of biometric data have created ambiguity.  Athletes may sign waivers to exempt teams from complying with the federal requirement.  Department of Health and Human Services issued a statement that professional teams are likely not bound by HIPPA

  13. Applicable State Law ■ Biometric Information Privacy Act, 740 ILCS 14 (2008), et seq. – Applies to any private entity, including employers. – Employers must: ■ Provide each individual with written notice that their biometric information will be collected and stored. – Purpose for the collection of information and length of time it will be stored. ■ Obtain the individuals express written authorization to collect and store their biometric information, prior to it being collected. ■ Develop and make available to the public a written policy establishing a retention schedule and guidelines for destroying the biometric data. – Destruction of the data after its intended purpose has been fulfilled or three years after the employer last employed the individual, whichever comes first. ■ Allows for privacy a cause of action.

  14. Applicable State Law ■ Texas Biometric privacy statue (2009) Tex. Bus. & Com. Code Ann. § 503.001 – Only applies to biometric identifiers and not biometric information being used for commercial purposes. ■ Finger prints/retina scans. – Must provide individuals with notice and receive consent, however, written consent is not required. – Prohibits the sale of biometric data. – Protect data with reasonable care – Destroy data within a “reasonable time” that does not exceed one year after the data is no longer needed. – No private cause of action, all claims must go through the attorney general who can sue for enforcement of the statute and seek up to $25,000 per violation.

  15. Applicable State Law ■ Washington biometric privacy statute (2017) Wash. Rev. Code Ann. § 19.375, et seq. – Defines biometric data broadly: “any data generated by automatic measurements of an individual’s biological characteristics.” – Requires notice and consent of the individual, but does not specify that consent must be in writing. ■ Exception: Biometric data collected and stored by a business for security purposes (preventing shoplifting, fraud, etc.) – Does not create a private cause of action – Business may sell data (limited circumstances)

  16. Other Applicable State Laws ■ California Consumer Privacy Act (CCPA) ; goes into effect January 2020 – This law has been proposed as the potential framework for a federal regulation. ■ Alaska, Connecticut, Massachusetts and New Hampshire have all discussed and debated implementing privacy laws targeting biometric data.

  17. General Data Protection Regulation ■ The European Union has created the General Data Protection Regulation (GDPR), establishes a harmonized framework within the European Union for biometric data. ■ https://youtu.be/n5WJOncaHt4

  18. General Data Protection Regulation ■ Biometric data: “personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allows or confirms the unique identification of that natural person, such as facial images." ■ Objective is to prohibit the “processing” of biometric data without a person’s consent, thereby protecting individuals from having their information shared with third parties without their knowledge. ■ GDPR applies to almost any processing of electronic communications

  19. General Data Protection Regulation ■ Main objectives/Provisions – The right to be forgotten – Data breach must be notified within 72 hours – Global Law: Non-EU established organizations are subject to the GDPR where they process personal data about EU citizens. – Data minimization principle – Potential 4% worldwide revenue penalty

  20. General Data Protection Regulation Lawsuits ■ Facebook (Instagram & WhatsApp) ($3.9B) & Google (Android operating system) lawsuit ($3.7B) – Argued that the way the companies try and obtain consent is not compliant because it forces users into an all-or-nothing choice. ■ Users are asked to check a box to obtain access to services.

Recommend


More recommend