Who owns the rights to your sports performance data?

Are you a professional sportsman or sportswoman in England & Wales?  If so, your data could be being used illegally. And you could be losing money as a result.


From footballers to rugby players, tennis players, cricketers and Formula 1 drivers, technology is being used to help sportspeople reach their full potential. Everything they do is measured. Including their overall health, performance during training and live events, sleep and diet. We launched a group action to help protect the rights of professional athletes. 


What was this case about?

Today’s clubs and sports teams understand that analytics can improve their chances of winning. And most players are happy to have their data analysed to benefit their individual and team performance. But, if you are a professional sportsperson, your information could be being exploited in ways you have not agreed to. For example:

The UK sports betting and gaming industries are worth several billions of pounds annually and depend heavily on sportsmen and sportswomen’s data. But the profits do not get passed back to them. Most players are not aware that their personal data is being processed and monetised, or that they are losing out financially as a result.

Our action was not about penalising clubs, who are perfectly within their rights to use personal data as long as they do so under the rules of the GDPR. It was about what happens to player data once it arrives at the sports data companies and where it goes. The value of this data is significant and the money being made of it by companies associated with sports is astronomical.

Is your training data being used by wearable tech companies?

As well as professional sportspeople, passionate amateurs, those who like to keep active, and people looking to get fit could also find their data being exploited by wearable devices.

It is important that you know how your data is being used, where and how it is stored, if and who it is being shared with, and what safeguards are in place to protect it. The data captured by these devices could reveal sensitive personal information relating to your identity, location, and health status, and this creates obvious privacy and security risks. What would happen if an insurance company got hold of your data and increased your premium for example?

Is your data making other people money?

Sport is big business and if there is a way to make even more money from it, someone somewhere has found it. What happens on the pitch/court is key, but virtual sports, gaming, broadcasting, betting, fantasy sports etc., all generate additional profit. And the use of player analytics is key to maximising sporting monetisation.

Data is gathered by technology companies that crunch it and charge clubs for providing analytics on their players and athletes. The manager will often go through this data and provide you with updates on your performance and stats. But what you are not told is how else this information is being used.

For example, the private information of sports personnel is being sold to gambling and sports gaming companies. And, in some situations, used against them in contract negotiations. For example, data could be used to highlight that a player might be at risk of injury, even if they are currently at the top of their game. In such cases, players could be due compensation of around £5,000 – £20,000.

Here are just some of the ways your data is being captured to help big businesses to make money:


Tracking data such as runs, passes, accuracy, speed, jump height, distance, cards, throw-ins etc.

Biometric Data

Heart rate, sweat rate, sleep rhythms, oxygen stats, blood pressure etc. obtained via wearable tech.

Broadcast Media

Tracking and performance data is being shared between some media and data companies.

Medical Data

Physio reports and club doctor reports.

Performance Data

Goals scored, cards given, throws given and taken, and much more.

The Legal State of Play

Under the General Data Protection Regulation (GDPR), your data can only be processed for “specified, explicit and legitimate” purposes. It also must be kept accurate, up-to-date, and safe. You must also provide your consent for how it can be used.  Although companies collecting your data must undertake a DPIA (Data Protection Impact Assessment) as to how that data is used and processed, in the main our investigations show that is not happening.

By using your data in ways that contravene the GDPR, certain third parties are breaking the law.