At the Aspen Sports Institute conference at the end of 2019, NCAA President Mark Emmert told the gathering that, outside of a unionized environment, there had never been a collective bargaining agreement ratified on group names, images and likenesses. He pointed to the intricacies of how and why the NCAA finds itself boxed in due to a lack of a collective bargaining agreement. Unsurprisingly, the NCAA finds itself reaching out to Congress for a solution.
Senators Chris Murphy And Mitt Romney Speak To The Media On Student Athlete Compensation
To do true justice to the NIL issues, we must acknowledge the fact that the real owners of images and data is the players themselves. In this new world of data ownership and control, higher education professionals cannot have their head in the sand this time around.
A good place to start is to see what other sports organizations are doing in this fast emerging space.
There are two issues emanating from the WNBA that the NCAA should implement unilaterally and immediately (across all Divisions) with the millions of dollars pouring in from the College Football Playoff—additional marketing and promotional considerations, and medical data management.
Guidance can be found in the recently executed Collective Bargaining Agreement in the WNBA. These concepts will be repeated in other CBAs as they come up for renewal. They will be a major point of negotiation for all professional leagues moving forward; the WNBA just happened to get to it first.
First, with the WNBA agreement, the players and the league agreed to several things revolving around NILs, including defining what images and personal attributes.
· “Picture” means all forms of audio, video, data or image reproduction, distribution or transmission whether now existing or hereafter created, including, but not limited to, still photographs, motion pictures, videocassettes, television images, computer and digital images, CD-ROM, and digital disc, in all cases whether live or on a delayed taped basis
· “Player Attributes” means a player’s name, nickname, Picture, portrait, image, signature, voice or other identifiable attributes and, to the extent that she has rights therein, biographical data.
· Additional Marketing and Promotional Compensation: “Team Marketing and Promotional Agreement” means a written agreement entered into between a Team and a player in accordance with Article XXXIV, Section 2, whereby such player, in exchange for Additional Marketing and Promotional Compensation, player agrees to perform marketing and promotional services for such Team (in addition to any services required by such player’s Player Contract, any WNBA Marketing and Promotional Agreement to which such player is a party, or this Agreement) that, during the term of such Team Marketing and Promotional Agreement, shall: (i) require the player to live in the Team market; (ii) require such player to make additional appearances on behalf of the Team or its sponsors or licensees; (iii) permit the Team or its sponsors or licensees to use such player’s Player Attributes individually on a non-exclusive basis; and (iv) require such player to comply with reasonable content creation and social media distribution requests of the player by the Team or sponsor.
The whole discussion about NIL has been around monetization, but there are larger issues surrounding who owns and can access their NILs created “in house” and used to generate revenue, whether a college athlete plays for one year or four years. As the WNBA CBA states, “Player Attributes” are exchanged for “additional marketing and promotional compensation”.
For example, a company called INFLCR has created technology that allows images and content created by the athletic department to be placed in a special drop box where athletes can share that media on their own social media pages (as well as used on the athletic department social feeds. The content includes photos, video, memes, etc. all featuring current NCAA players from that university. What happens when a player leaves? Does their NIL travel with them? Does the team’s data warehouse retain that player’s image when they leave?
An example of a worst-case scenario hack happened late last year to an athletic recruiting software company, Front Rush. Their server was compromised, and college recruits’ medical records and other personal data was exposed; it is a very common platform used by thousands of companies. Who is liable for the intrusion? The schools that use the service? Front Rush? Amazon Web Services who hosted the data? It is an expensive lesson, as Front Rush has learned. According to Vice, “Items exposed included students’ SAT scores, personal address, date of birth, physical evaluations, post-injury reports, performance reviews from specific teams for particular players, and athletic financial aid agreements.” What steps should college coaches and high school recruits take to ensure their data is safe?
A woman looking at her shared medical records on a tablet. (Photo by: BSIP/Universal Images Group … [+]
BSIP/Universal Images Group via Getty Images
Secondly, another important data issue that should be in this same discussion of data security and privacy is medical records. Here is what the CBA says:
· Electronic Medical Records: The WNBA may, during the term of this Agreement, develop and implement a new electronic medical records system (“EMR”) that will provide a secure, searchable, centralized database of player health information. To the extent health information disclosures are permitted by this Agreement (including the Standard Player Contract), such disclosures may be made via secure systems within the EMR. In addition, the EMR will: (i) allow for the WNBA 163 (but not the Teams) to conduct player health and safety reviews; (ii) allow for authorized academic researchers to access the data (on a de-identified basis) and conduct studies designed to improve player health and broaden medical knowledge (provided that the Players Association will be provided with notice prior to any such access and gives its consent, such consent not to be unreasonably withheld); and (iii) give players the ability to easily access their own health information and to grant access to such information to physicians of their choice both during and after their careers.
Is medical data security and privacy procedures a consideration for athletic departments? How many use “best practice” password and server/cloud storage strategies in their training rooms across all NCAA institutions? If not, why not? Are athletic training rooms being given the technical capabilities to secure their medical data? Are academic researchers being given access to the de-identified data without athlete’s knowledge and/or consent? Should there be the option to give consent on the front end?
NCAA Best Practices only cover the relationship between “diagnosis, management and return to play” on the medical side. It states nothing about the biometric and other physical data that athletic programs collect and store on the athlete, either in the training room or in the athletic communications office.
IT departments know there are Federal guidelines regarding what student data can be released to the general public, and schools know they can get into serious trouble by not taking care of student’s data. With the amount of personal information athletic departments are keeping on individual athletes (and some universities have up to 1,000 athletes), it is a massive challenge. It is time for the NCAA to mandate that school’s treat athlete biometric and medical data the same way recruiting violations are tracked. It’s disingenuous to say you care about health and welfare if you don’t include privacy controls.
States have enacted strict biometric privacy laws, and recently Illinois settled with Facebook for $550 million, saying the platform did not protect resident’s personal data, including facial scans, fingerprinting and eye scans. The 2008 law requires companies “collecting such information obtain prior consent from consumers, detailing how they will use it and how long it will be kept”, according to an article in the Washington Post. Private citizens also have the power to sue if they feel a social media platform has not adequately protected their data.
Revenues from the College Football Playoff (about $450 million per year) are currently being shared among the Power 5 Conferences almost exclusively. Like the newly established “Academic Enhancement Funds” given to support academic success (taken from the March Madness revenues), the NCAA could provide funds to all schools to strengthen each school’s data storage practices, staff training and access. One can only imagine the hodge podge way medical data is stored and retrieved today.
It’s time for the NCAA to create a minimum standard for how athlete’s private information is protected. It’s also important that inside the discussion around monetizing NILs, we talk about what happens to the social media content we create today for each of our athletes after they leave. The discussion cannot begin and end with NIL monetization outside of the NCAA ecosystem.