The global sports industry is worth over USD 400 billion. Athletes and players who compete at a professional level often perform under conditions of stress, overexertion and overtraining. To optimise their physical performance, the industry has adopted various technologies. While teams have traditionally assessed athletes' physical condition, wearable technology offers a significant advancement from previous monitoring methods, allowing continuous monitoring of an athlete's overall health.
Overview of wearable technology
Wearable technology refers to non-invasive devices and sensors worn on the body to monitor health, without requiring subcutaneous (under the skin) applications. These devices typically include electronic sensors attached to the user's clothing, collecting valuable data on physiological, motion, position and environmental conditions.
Physiological data provides insights into biological processes within the body, offering valuable perspectives on an individual's health, performance and overall condition. Wearable devices enable the tracking of physical performance and the analysis of biomechanical, thermal and neuromuscular aspects of metabolic fatigue.
Current applications in professional sports
Prominent organisations such as the English Premier League, NBA, NFL, Olympics and FIFA have incorporated wearable technology. Common devices include heart rate and sleep monitors, ECG and EEG, with data transmitted to laptops, tablets and mobile phones, and then stored on companies' and teams' central servers. In football, American football and basketball, GPS vests monitor real-time acceleration, deceleration, changes of direction and jumping. Other systems track heart rate, breathing rate and movement. In swimming, cycling and running, sports eyewear manufacturers now integrate data-rich displays showing information such as heart rate, pace, cadence, speed, distance, calories burned and lap counts.
Benefits and concerns
There are numerous benefits to wearable technology, such as injury prevention, health monitoring, improved training efficiency, precision rehabilitation and data-driven decision-making. However, these devices raise concerns about privacy and athlete surveillance. Professional sports already provide viewers with significant access to athletes' health information, and wearable technologies amplify this level of surveillance.
Data protection implications for wearable technology
Wearable technologies present unique legal challenges regarding data privacy. Manufacturers and developers of these technologies, devices, applications and software programmes must consider these privacy concerns from the outset.
Since wearable technology collects physiological data – largely health-related information – its processing activities fall squarely within the ambit of the Protection of Personal Information Act 4 of 2013 (POPIA). According to POPIA, physiological data is classified as special personal information, a protected subset of personal information that requires more stringent safeguards than ordinary/normal personal information such as a person's name, contact details or physical address.
Under POPIA, the processing of special personal information is strictly prohibited unless:
- processing is carried out with the consent of the data subject;
- processing is necessary for the establishment, exercise or defence of a right or obligation in law;
- processing is necessary to comply with an obligation of international public law;
- processing is for historical, statistical or research purposes to the extent that:
- the purpose serves a public interest and the processing is necessary for the purpose concerned; or
- obtaining consent would be impossible or disproportionately difficult, provided that sufficient safeguards protect the individuals.
- information has deliberately been made public by the data subject; or
- specific exemptions apply.
Transparency is key. Section 18 of POPIA mandates that responsible parties (those determining the processing means and purposes) inform data subjects and users about processing activities. This information is often contained in privacy statements, which must be legally compliant, enabling athletes and users to make informed choices regarding their personal information.
A privacy policy should address the requirements of Section 18 of POPIA, detailing the categories of personal information processed; the source of collection; the responsible party's name and address; the purpose of the collection; any intention to transfer information to a third party outside South Africa; and data subject rights.
Additionally, the transfer of special personal information outside South Africa may require prior approval from the Information Regulator, unless otherwise permitted under POPIA. While the Information Regulator can authorise data processing, organisations bear the responsibility for securing it.
Organisations must implement comprehensive security measures under POPIA, particularly given the sensitive nature of physiological data. These measures include identifying potential risks (internal and external), implementing appropriate safeguards, regularly assessing their effectiveness, and continuously updating them to address new risks or weaknesses.
While POPIA places various obligations on responsible parties, athletes and users should pay close attention to the application terms and conditions and any privacy statements/policy regulating the use of their personal information. Athletes and users are encouraged to review these documents to understand how their data will be used and what risks they may be exposing themselves to.
While sports teams stand to benefit from wearable technology, they must navigate a complex compliance landscape regarding the processing of special personal information. Balancing technological benefits with athletes' privacy rights should remain a priority when adopting wearable technologies.