Your Athlete Data Isn’t Just for Coaches Anymore — Players Are Fighting Back

There is a player in a European top-flight club who trains every morning wearing a vest that monitors their heart rate variability, their sprint load, and the micro-asymmetries in their gait that might signal a hamstring tightening. They wear a smartwatch that tracks their sleep quality. Their biomechanical data is captured by camera systems that map 29 points on their body at 100 frames a second during every match. Psychological questionnaires feed data into AI models that assess mood and cognitive readiness.

At the end of each season, when their contract is up for renewal — or when a rival club makes an enquiry — who has access to that data? The player? Their agent? The club? The technology vendor who built the system? All of the above? None of the above?

In 2026, the answer is genuinely unclear — and that ambiguity is becoming the most consequential unresolved dispute in professional sport.

The scale of athlete monitoring in elite sport has expanded so dramatically that it is worth pausing to appreciate what “biometric data” now means in practice. Wearable sensors collect heart rate variability (a proxy for recovery and stress), sleep metrics, hydration status, and training load. Computer vision systems analyse facial expressions and micro-movements associated with fatigue. GPS trackers log acceleration, deceleration, and positional data to the centimetre. AI models trained on years of individual athlete data generate daily “readiness scores” and injury risk assessments.

This is not the stuff of science fiction. It is standard operating procedure at any club with a serious performance department in 2026. And it applies not just during training — athletes are increasingly monitored across their entire daily lives, with sleep trackers, continuous glucose monitors, and hydration sensors all feeding into centralised club dashboards.

“Athletes may know their data are being collected but lack clarity on how long they are stored, how algorithms evaluate them, or whether they may resurface in commercial or evaluative contexts — issues that carry career-long consequences.”

“Athletes may know their data are being collected but lack clarity on how long they are stored, how algorithms evaluate them, or whether they may resurface in commercial or evaluative contexts — issues that carry career-long consequences.”

— PMC Research Journal on Athlete Data Sovereignty, December 2025

NBA Set the Precedent — But It’s Not Enough

The NBA’s collective bargaining agreement (CBA) contains some of the most developed athlete data protections in professional sport. Its wearable technology provisions explicitly state that biometric data collected from players “may not be considered, used, discussed or referenced for any other purpose” such as in contract negotiations or trade decisions. Any team that violates this provision faces a fine of up to $250,000.

It is a meaningful protection. Legal experts at Goodwin Procter, in a December 2025 analysis, noted that it offers athletes some control over the most sensitive uses of their data. But the protection has limits. It covers what data can be used for — it doesn’t address who owns it, how long it can be stored, or whether it can be sold to third-party technology vendors.

The 2020 NFL–NFLPA collective bargaining agreement took a different approach: biometric tracking decisions are jointly administered between the league and the players’ association, giving players a structural voice in how systems are designed and deployed. It is a model that is beginning to influence negotiations in other leagues — but slowly.

If professional athletes are only beginning to win these battles, college athletes in the United States remain almost entirely unprotected. A 2025 legal paper from Moritz Law School at Ohio State outlined the stark power imbalance: universities selling their athletes’ data to analytics companies, scouts and professional teams potentially accessing biometric records to make hiring decisions, and student athletes who have no union, no collective bargaining, and no clear federal framework to appeal to.

Catapult Sports — the performance analytics company whose technology monitors movement and biometric data — was providing services to all 32 NFL teams and numerous college programmes as of September 2025. The potential for professional teams to access college athletes’ biometric histories through these shared platforms is not theoretical. It is a structural risk of the current system.

“As technology vendors increasingly control analytics and storage, athletes become sources of value without corresponding control or benefit-sharing.”

— PMC Research Journal on Athlete Data Sovereignty, December 2025

Sports law firm Brabners, in a March 2026 update to their AI in Elite Sport guidance, noted that AI is “no longer seen as an experimental tool — it’s an integral strategic and performance enhancing tool” in clubs. Their analysis highlights the growing web of compliance obligations: the EU’s GDPR, California’s CCPA, and — for any athlete performing in Europe — the EU AI Act, which imposes labelling and transparency requirements on AI systems used in evaluative contexts.

Biometric data, under most privacy frameworks, is classified as “sensitive” or “special category” data — the highest tier of protection. Heart rate variability, facial analysis, sleep data, and psychological assessments all fall into this category. Collecting and processing them without explicit, informed consent is illegal in most jurisdictions. The question is whether sports organisations’ existing data collection regimes actually meet that standard — or whether they rely on the coercive power of employment relationships to obtain nominal consent from athletes who feel they have no real choice.

The path forward, legal experts suggest, involves three things working in concert: clearer statutory frameworks that define biometric data collected in sports employment contexts as belonging first to the athlete; collective bargaining agreements that address not just use restrictions but ownership, storage duration, and commercialisation rights; and independent oversight bodies — separate from clubs and leagues — that audit data practices in the way financial regulators audit accounts.

None of this is simple. Clubs have invested significantly in their data infrastructure. Technology vendors have built commercial models predicated on data aggregation. Broadcasters and sponsors are beginning to see athlete biometric data as a commercial asset in its own right. The economic incentives to maintain the status quo are substantial.