Athlete Data Privacy and Performance


May 2, 2022


Recently I was involved in a dispute that brought up an interesting quandary around medical and health privacy issues for sporting organisations. 

On one hand, the athlete in question had experienced some mental health issues, including post-traumatic stress disorder, that figured into the athlete’s performance and would have been useful for the organisation to know, and to be able to figure into training and competition plans. On the other hand, the athlete wanted to keep that information private, in part because of how the coaches and the rest of the organisation might perceive that, and how that athlete might be perceived for future selection.

In this article, we explore what the law says about personal information, how athlete data privacy obligations can impact coaches and support staff who are looking to make informed decisions for their current and incoming athletes, and how to effectively manage privacy obligations without compromising performance.


Athlete data privacy obligations in the sporting context


The Privacy Act is in place to protect Australians and their personal information. The Australian Privacy Principles (or APPs) govern the standards, rights and obligations of how personal information should be managed. They concern how personal information is used and disclosed, the accountability that a particular organisation might have with respect to protecting individuals’ privacy, the integrity of personal information (including when it needs to be corrected), and the rights individuals have related to accessing their personal information. They were designed, in part, to manage the risks that have come with evolving technologies.

The Privacy Act applies to many sports organisations as it covers all organisations that collect, use or disclose health information for the purpose of an activity performed in relation to an athlete to assess, record, maintain or improve their health. 

For those involved at any level of sport, the health of athletes is obviously integral to on-field success, and knowledge about what can and can’t be disclosed or shared is vital. It is also important for sporting organisations that collect data to be aware of their obligations to avoid data breaches, and to report any data breaches in accordance with relevant legislation. 

In all levels of sport, organisations have access to personal medical and health information. Upon member registration for a club or sporting competition, there is typically a requirement to disclose some key personal health information such as any health conditions or medical diagnoses. For sporting organisations and associations that provide medical services or share athlete data as part of their training and care plans, that information is far more comprehensive. Health information under the Privacy Act is considered to be “sensitive information” and is therefore a form of personal information which has a higher level of protection under the Privacy Act. 

At the sub-elite and elite level, it’s not uncommon for sporting organisations to have access to information about an athlete’s prior health history, as well as any past or planned health services, test results (including radiological procedures like X-rays, ultrasounds, or MRIs), prescriptions and even genetic information. 

These organisations might also collect significant performance data for each individual athlete, which could also be considered to be personal information (and in some cases highly sensitive). Performance data could range from statistics about how many tackles a player laid in a football match, to heart rate data, or data on the impact of the timing of their menstrual cycle or sleep patterns on performance. It may not always be subject to the same level of legal protection under the Privacy Act as information which is clearly “health information” (e.g. information about injuries). Nonetheless, there is a strong argument that much of this data should be considered to be “health information” and therefore protected “sensitive information” (see for example this very recent paper at pages 34-35: Getting Ahead of the Game: Athlete Data in Professional Sport). Therefore, sporting organisations also need to be conscious of their obligations in relation to performance data, as this in particular is a developing area and one that is of increasing concern to athletes. It is likely that legal obligations in this space may change in the foreseeable future, as athletes increasingly advocate for greater protection of their personal performance data.

Every sporting organisation will have differing information needs to ensure that the decisions they are making are in the best interests of both the athlete and the sporting organisation. 

Good decision making comes, in part, from having access to specific sources of information. Athletes may in some circumstances have an interest in sharing their health or performance information with a sporting club or association to enable them to improve performance or be treated for an injury. In other instances, they may prefer to keep this information private given how it may be used against them, or because they are concerned about disclosure. There are many reasons why an athlete may want to keep their health or performance data private.

So, what needs to be considered to ensure your organisation is compliant but also avoids creating risk by limiting access to important medical and health information?

Let’s look at decision making in the context of team selection.


The dilemma for coaches and selectors


Take trading players with other Clubs as an example. If a player has a history of injury, and a team is interested in making a trade to bring that player onto their team list, knowing how well the player recovered from injury is paramount in that decision to either make the trade or seek a similar player.

And that concern doesn’t just stop with physical health. If there’s a mental health issue that might be impacting a player’s performance, and it’s unknown to the team making the trade for the player, it can become a huge issue for the team that’s taken on this new player. 

If it’s an addiction issue, for example, the player might be sidelined for a time while going to rehab. Important, of course, for the player’s health and well-being, but a situation where a team that believed it was getting an asset is now in a holding pattern waiting to learn if an athlete who has now become a liability (in the sense that they are drawing a paycheck but not able to compete) will have the potential to be an asset once again.

Knowledge about a player’s health information or performance data will also be relevant when selecting athletes to a team. If a player is carrying an injury, this may be a reason for not selecting them to a team. The performance data of one athlete may be important in choosing between one athlete and the next. 

Clubs may also want to collect data for the benefit of the player. In the AFL for example, athlete health data is collected and used by clubs to treat players. But its use also extends beyond this. Under the AFL Collective Bargaining Agreement (CBA), AFL players authorise and direct the Club Medical Officer to provide a copy of all their medical records (relevant to their services as a footballer) to their AFL Club and the AFL. The medical records of all players are required to be treated as confidential, and not released to another person without the consent of the player, except in specific circumstances. This includes providing a medical history for the purpose of another Club trading for or drafting that player. However, if the player consents to provide the information to one Club, he must also consent to provide it to any other Club that is interested. Similar provisions exist in the AFLW CBA. 

Injury information is also made available on a publicly available AFL injury list. The AFL uses this information to protect player health in the future, and to assess the need for rule changes to protect players’ health. However, when information on a player’s injury goes on the league’s official injury list, if consent were not provided for this, then that’s a disclosure that would run counter to the spirit of the Privacy Act. 

That’s where securing consent can be essential in striking the needed balance: making sure that a player’s rights under the Privacy Act are sufficiently protected, while also providing all players with a safe working environment, and keeping the public informed about what is going on with the health of players in the AFL. The information may be shared for a beneficial purpose, but it absolutely could be relied upon as a factor in that player’s trade value, as well as that player’s bargaining position when it comes time to negotiate a new contract. The information could also be highly relevant for betting agencies and punters.

When it comes to considering an athlete’s health data and their value to the team on an ongoing basis, while it might seem a bit cynical to commodify athletes in this way, it’s a very real part of assessing athletes and making good decisions for teams. Particularly where “missing” on one key player acquisition might be the difference between making the finals or not (or whatever the goal is for the season or years ahead).


Meeting performance goals with privacy obligations


If an athlete is dealing with a mental health issue like PTSD or depression, it’s something that isn’t going to be as apparent or obvious as a knee injury or a hamstring injury. Ensuring that you have a culture of trust and respect, in which athletes who might be suffering from a more hidden issue will be willing to disclose it, could be essential to ensuring the team performs at a high level. It could also be important in ensuring the athlete is provided with the appropriate treatment or support.

While it’s fascinating to think about how this issue impacts the nation’s highest-profile athletes, privacy issues regarding health information reach far beyond which professional players on the trading block might be affected, or which athletes should be selected to a team.

Even for youth sporting organisations, being conscious of the Privacy Act and what it requires should be a key factor in how by-laws are maintained, how new coaches are onboarded, and how parents of athletes should be communicated with before and during the season.


What are your participant or athlete data privacy obligations?


Organisations seeking to be compliant with the Privacy Act obligations should consider regular reviews of their policies and procedures to ensure they are drafted to support both their athletes and the team or club goals. With developments in technology, the types of data available and the legal obligations in relation to this are likely to continue to change.

Any organisation that collects, uses, manages and discloses this type of private medical information needs to ensure that all internal policies and procedures are up to date and are easy to understand to ensure they will be effectively applied. The next step is the roll out of this information to the coaching and support staff to ensure they are aware of their obligations in regards to maintaining the privacy of health and performance data. Consent will need to be obtained for athlete health data to be collected, used and disclosed, even where this is used for the purpose of providing a health service to the individual. 

For all sporting organisations, it’s imperative that everyone involved in the collection, use, transfer or disclosure of medical information is aware of the obligations, and that contracts factor in these privacy obligations and the rights of the players, but also provide for consent to access certain information that will help coaches help their athletes to maintain and enhance their competitiveness and for organisations to reasonably assess not only athletes’ potential, but also their progress.

For all of these reasons, and to ensure that athletes feel comfortable and willing to share as much information as required, it’s important to ensure that your sporting organisation is taking appropriate steps to ensure it is protecting and maintaining the privacy of athlete health information (and in some cases performance data), and that it is obtaining appropriate consent where disclosure of information is necessary.


Article by Alexandria Anthony




Disclaimer: Nothing in this article should be relied upon as legal advice. The contents of this article should be regarded as information only, and for specific legal matters, independent advice should always be sought. Please contact Paul Horvath on or phone (03) 9642 0435 to discuss any matter or to arrange an appointment.