A Legal Analysis of Data Collection in Baseball

Scratching the Surface of Data Privacy Laws

Image for post
Image for post


  • Part 1: Focuses on health-related data, which includes information regarding a player’s specific biological makeup.
  • Part 2: Focuses on the rights associated with in-game data, which includes numerical elements that show a player’s actual output.
  • Part 3: Focuses on data obtained outside of the game environment, which contains individual performance measurements.

Throughout my analysis, I seek to address five questions that arise with the collection of any type of data.

  • Who owns the rights to the data?
  • Who has access to the data?
  • What are the privacy concerns?
  • Are there competitive disadvantages to sharing this data?
  • What is the standard of protection for this data?


  • The players have an interest because the efficient use of this information could help extend their careers.
  • Teams have an interest because the application of this data can stimulate performance and improve overall success.
  • Data partners have an interest because feedback from the use of this data can help improve their systems and software.
  • Entities like MLB Network can facilitate fan engagement through sharing graphs and other advanced metrics that are derived from this data.

There are different categories of intellectual property law that can protect a party’s rights to data and/or databases. The three main categories that offer protection are:

  • Trade Secret Protection.
  • Copyright Protection.
  • Patent Database Protection.

For a database to be protected under trade secret laws, it must contain information that maintains an independent economic value from not being generally known to other parties who can obtain economic value from its disclosure or use.⁴ Under the Uniform Trade Secrets Act (UTSA), information can include compilations, programs, devices, or processes.⁵ The database must also be the subject of reasonable efforts to maintain its secrecy, which means that a party should limit the disclosure of the data to employees, vendors, or business partners.⁶

It is impossible to “own” raw data because you cannot obtain copyright protection for historical facts.⁷ However, databases can be protected if they are deemed to be original works of authorship.⁸ Original works of authorship contain creative expressions that are fixed into a tangible medium.⁹ To classify as a tangible medium, the databases embodiment must be sufficiently permanent to permit it to be perceived or communicated for a period of more than transitory duration.¹⁰ In theory, where a compilation of data contains a minimum amount of creativity in arrangement, it can be protected under copyright law.

These rights also revolve around the ownership of the tools in which data is collected.¹¹ Raw data rights can have clear ownership claims through intellectual property law by both the subject and the controller. A party that creates patented or copyrighted technology that gathers created data, lawfully obtains the rights associated with that data. Cisco predicts that 60% of data is created through software programs.¹² Because legal processes have not caught up to the pace of developing technology, data rights currently lack a firm foundation in addressing the prospective issues.¹³

As a mere compilation of data, a database and the details that comprise it will generally not qualify as patent eligible.¹⁴ Sometimes, a party can obtain protection for inventions that implement novelty into their databases. Usually, this entails some sort of unique data selecting system that is stored inside each data structure.¹⁵ This protection is currently rare, but computer-implemented technology is an evolving field that will require the expansion of patent laws.

The laws previously listed reflect questionable methods of protecting personal data in the United States.¹⁶ Aside from baseline intellectual property laws or the California Consumer Privacy Act, there are no widely accepted laws intended to specifically govern the privacy and security of data.¹⁷ However, a wave of uniform guidelines is forthcoming and the European Union’s General Data Protection Regulation (GDRP) law could provide a framework.¹⁸

The GDRP purposely defines “personal data” in a broad manner, which allows for a wide range of data types to garner protection.¹⁹ The law is unique in that the majority of associated rights are solely provided to the subject (the person whose data is being collected).²⁰ There are five general standards that can be deduced:

  • The data subject has to give unambiguous consent.
  • Processing must be done to ensure appropriate security and confidentiality.
  • The data must maintain a standard of accuracy.
  • Processing must be lawful and transparent to the data subject.
  • Data may only be hosted for the length of time necessary to achieve a given purpose.


  • How is the privacy of this data being protected?
  • What are the ethical and/or confidentiality limitations to biological data tracking?
  • Do the players own their biometric data?

A concrete legal framework has yet to be determined for analyzing and interpreting issues that arise regarding health-related data privacy.²³ There are currently only three states that have adopted privacy legislation.²⁴ While health care laws govern biomedical research and biometric data in the field of medicine, their application in the sports sector remains ambiguous. Thus, a team’s access to a player’s medical data is mostly unrestricted.²⁵ As the race to quantify a human body continues, there are privacy factors that need to be considered in light of these extraordinary developments.²⁶

While the overall law governing this information is unclear, The California Consumer Privacy Act seeks to provide players the ultimate authority over how their personal health data can be used.²⁷ Similar to the GDPR, the consent of the player is necessary before in-depth health data can be collected. Additionally, the subjects have the power to revoke consent at any time. Contrary to the rights associated with the collection of output and performance data, health-data rights derived from this act shift the bargaining power to the players.

In a commercial context, this effectively gives the rights to license health-related data to the Major League Players Association (MLBPA). Ethically, this concept is relatively sound. Neither data vendors or teams should maintain rights over a players genetic and biological health data. The current Collective Bargaining Agreement (CBA) addresses this issue by providing that the use of this data gathering technology is entirely voluntary.²⁸ Additionally, the data access is restricted to 8 parties inside an organization:

  • General Manager,
  • Assistant General Manager,
  • Field Manager,
  • Team Physician,
  • Certified Athletic Trainer,
  • Strength and Conditioning Coach,
  • Rehabilitation Coordinator, and;
  • An individual hired by a Club to manage the use and administration of wearable technology.

Because the rights associated with this data are held by the MLBPA, “any commercial use of such information by a Club, Major League Baseball, or any Major League Baseball related entity is prohibited.”²⁹ While this agreement addresses some of the basic issues regarding the collection of this data, the boundaries on what can be collected are broad.

As referenced in the agreement “wearable technology” refers to any equipment, program, software, or device which is designed to collect data related to a player’s health at any location.³⁰ This includes off-field activity away from the ballpark. These trackers include biomechanics compression attire, GPS tracking compression attire and any device, sensor, equipment, attire or dashboard technology which is designed to measure a player’s health.³¹

The MLBPA currently holds strong bargaining position regarding these data rights, but more pressure will be put on players to take part in this data collection as this technology usage becomes more prevalent. The disclosure of a player’s health information relating to “physical condition” has long been included in CBA’s.³² The specific terminology that is used gives teams the authorization “to use and disclose any of the health information about a player for any purpose relating to their employment.” Under these generalized terms, teams can include a large majority of data collection. As data privacy laws that encompass biometric data evolve, players will most likely seek to more narrowly define the scope of the MLB’s authorization for the use and disclosure of health information.

There are no laws that prevent employers from making agreements that give them the right to disclose this information. This is why owners repeatedly seek to include this stipulation in the agreement. However, the Department of Health and Human Services reasons that a player’s medical records may soon be considered employment records instead of privileged health information.³³ As an extension of privacy rights, confidentiality should be considered applicable to the issue of how player health data is captured.³⁴ Until uniform standards are established, there will be uncertainties over biometric data usage and collection.

The direction and limitations of biometric data collection will be a key part of negotiations for the new CBA. Some of the key points are listed below.

  • What limits will be placed on health-related data collection?
  • Will the MLBPA maintain the rights associated with this data?
  • What aspects of a player’s biological make-up are eligible to be tracked?
  • What safeguards are in place to store and protect this data?
  • Can this data be commercialized to third-party vendors?

As a consequence of the COVID-19 pandemic, systems and processes will see significant changes in data gathering habits for both players and fans. Through an increased reliance on digital platforms, data privacy and security should become a top priority.

Part 2:
Currently, all in-game output data is obtained through an advanced capture feature called “Hawk-Eye.”³⁵ This technology uses vision-processing software that provides state-of-the-art data in response to on-field activity. The data is then integrated with both MLB infrastructure and Google Cloud to provide uniform protection.³⁶ This system is paid for by each club, but the teams do not own the specific software. Two of the three categories of intellectual property law previously listed are applicable to this type of data collection.

While the underlying data obtained through the use of this technology cannot be copyrighted, the databases created from this information would be eligible for protection. Through collecting and organizing this data in a unique way, this database is considered an original work of authorship. Therefore, Hawk-Eye Innovations holds the rights to this database and can license usage rights to parties like MLB teams. Often times, data licenses are non-exclusive, but in this situation the granted rights to the licensee are exclusive. In essence, the specific information gathered cannot be shared to additional parties by Hawk-Eye. The MLB does reserve the right to share some of this data to other parties included under MLB Entities and websites such as FanGraphs.³⁷ By providing this information to each team, they are able to use the derivative data for various projects aimed at improving player production.

Hawk-Eye technology is extremely innovative and advanced. Each frame that is sent by the cameras includes a calculation of the position of the ball that is derived through a group of pixels from other cameras in the system.³⁸ The software then generates a graphic image of the ball path and playing area in real-time. This information is then combined with a back-end database to analyze trends and statistics about individual players.³⁹ As a unique invention, this system uses data gathering software and compares it to other archived data, which therefore allows for patent protection.⁴⁰

Because Hawk-Eye technology incorporates the use of advanced software to collect baseball data, the ownership of this data resides in the ownership of the technology. Each team obtains access rights through an agreement that includes the use of the camera technology, the data processing software, and the databases that this program creates. As employees, players have no right to prevent the use or sharing of this data unless there is an invasion of privacy.

Part 3:
The collection of out of game performance data presents a few different legal challenges than the analysis above. Instead of a uniform agreement on a league-wide basis, each team is allowed to create individual partnerships with third-party vendors of their choice. Viewed as trade secrets around the league, it is impossible to know specifics around what teams use each type of third-party technology. The rights associated with the data hinge on what type of data is being collected and the capabilities of each technology. However, the core legal principles previously described are still applicable to this analysis.

The rights associated with the use of this data hinge on two factors. Note that these factors are to be considered as independent of a league-wide agreement.

  • Is the data derived from technology that the teams purchase for their individual use?
  • Is the data derived through subscriptions or licensing transactions with third party vendors?

There are different types of technology and services that are available to MLB teams. One of the most prominently used technologies are Rapsodo machines. After purchasing these devices, each team can access the data through a subscription service. Throughout the subscription period, teams are able to access their individual content data.⁴¹ The data is protected and stored on the company cloud and each team has a data storage limit respective to their subscription.⁴² Similar to the analysis above, copyright and patent laws are applicable in this situation. When technology like Rapsodo is being licensed to individual teams, there are a few factors that must be considered regarding rights to the derived data.

  • Can the licensee share this data?
  • Can the vendor use the client’s data?
  • What limitations are there in the use and expansion of this data?

As licensees, the teams want to keep the data obtained from these technologies as trade secrets. Disclosing this information would create a competitive disadvantage. Because of this, each team forms an exclusive agreement that prevents Rapsodo from sharing the licensee’s data with other teams.⁴³ However, this agreement does not restrict Rapsodo from forming other similar agreements with additional teams to provide access to their specific players data.

Rapsodo reserves the right to use their client’s data for statistical purposes. As a disclaimer, their standard policy includes a provision that states they may use client data (in the aggregate) to understand how they interact with the service and to improve the user’s experience.⁴⁴ This agreement is fairly uniform to a vendor’s use of client driven data. As this data is independent of personal identification, there is no privacy violation in using this data to improve systems and processes.

Because Rapsodo maintains all copyrights and patents in the technology and the databases derived from its use, the teams are not able to copy or create their own derivative work from the software.⁴⁵ This clause protects the vendor from their clients taking their patented software and adjusting it for improvement. This allows the vendor to create updated versions of the software and market more advanced technology to each team.⁴⁶ Recently, Rapsodo 3.0 has been marketed and purchased by some teams around the league. While teams cannot manipulate the software, they are allowed to take derived data and create programs that analyze the data for player performance improvement.

It is impossible to analyze all the different technology that gets sold and licensed to each team, but the emphasis of this segment is on another prominently used technology, Edgertronic cameras. These devices use high speed computer vision technology that focuses on the complexity of a player’s performance.⁴⁷ Because these devices can be purchased individually by each team, there is no need for a licensing data transaction or data partnership agreement. Subject to the terms of the current CBA, teams maintain the right to store, access, and use the digital data that is obtained through the use of these cameras.

CBA Appendix A section 3(c): The Player agrees that his picture may be taken for motion pictures at such times as the Club may designate and agrees that all rights in such pictures shall belong to the Club.

As an employer, each team is able to monitor their players performance given that the expectation of privacy is not outweighed by the business motive.⁴⁸ Using cameras like Edgertronic to monitor and assess a player’s performance does not create an invasion of privacy. Therefore, the teams maintain ownership of the data derived from these types of devices respective to the CBA.


Upcoming bargaining negotiations should be relatively seamless regarding performance and output data, but it is reasonable to speculate more stringent terms for health-related data will be implemented. It is crucial that players do not lose their rights as private individuals before clear law has been presented. With the owners being hard-pressed to avoid an additional suspension of play, the upcoming negotiations could be an opportune time for players to obtain more solidified rights in their data. While the GDRP is not applicable law in the United States, its standards could be used as guidelines in reaching a fair agreement for both parties.


  1. White and Case. 2021. “USA: Data Protection Laws and Regulations.”
  2. Baig, Edward. 2020. “What Will it Take for the Government to Protect Your Privacy?” USA Today. Link.
  3. Uniform Trade Secrets Act (UTSA), 14 U.L.A 539–40 (Commissioners’ Prefatory Note) (1980).
  4. See Commissioners’ Prefatory Note, supra, at 539–40.
  5. See Commissioners’ Prefatory Note, supra, at 541.
  6. C.B.C Distribution and Marketing, Inc. v. Major League Baseball Advanced Media, L.P., 505 F.3d 818, 823 (8th Cir. 2007); Daniels v. FanDuel, Inc., 909 F.3d 876, 877 (7th Cir. 2018).
  7. 17 U.S. Code § 102 — Subject matter of copyright: In general
  8. Id.
  9. Id.
  10. Chartrand, Sabra. 2021. “Patents; A Method of Collecting Consumer Data Renews Questions About Patents on Business Practices.” New York Times.
  11. Cisco Annual Internet Report. Link.
  12. Gebhart, Gennie. 2019. “EFF’s Recommendation for Consumer Data Privacy Laws.” Link.
  13. U.S. Patent Act, 35 U.S.C. § 1 et seq, Article I, Section 8, Clause 8.
  14. Id.
  15. Perry, Rebecca. 2020. “America and the European Union Continue Altering Data Privacy Frameworks for Businesses.” Law.com. Cyber Security Law & Strategy. Link.
  16. Id.
  17. Id.
  18. General Data Protection Regulation. OJ L 119, 04.05.2016; cor. OJ L 127, 23.5.2018.
  19. Id.
  20. Michael, Katina, and M.G. Michael. 2007. “From Dataveillance to Überveillance and the Realpolitik of the Transparent Society.” Link.
  21. Greene, Jeremy. 2016. “Do-It-Yourself Medical Devices — Technology and Empowerment in American Health Care.” New England Journal of Medicine 374 (4): 305–8.
  22. Gould, Stephen Jay. 1981. The Mismeasure of Man. 1st edition. New York, NY: W. W. Norton.
  23. Ramos, Gretchen. 2020. “Additional U.S. State Advances the State Privacy Legislation Trend in 2020.” The National Law Review, Volume X, Number 27: 1.
  24. Ligaya, Armina. 2014. “High-Tech Sports Pros Seek Edge over Rivals with Wearables.” Financial Post, October 23. Link.
  25. Hoyt, Reed, and Karl Friedl. 2016. “The Future of Wearable Tech.” United States Army Acquisition Support Center. February 1. Link.
  26. California Consumer Privacy Act of 2018 (CCAP).
  27. Major League Baseball. 2005. “Addendum D: Authorization of the Use And/or Disclosure of Major League Player Health Information.”
  28. Major League Baseball Collective Bargaining Agreement Attachment 56 § 5.
  29. Id. at § 2.
  30. Id. at § 1.
  31. Major League Baseball. 2005. “Addendum D: Authorization of the Use And/or Disclosure of Major League Player Health Information.”
  32. 45 C.F.R. §§ 160.103 and 164.512(b)(1)(v).
  33. Malcolm, Dominic. 2016. “Confidentiality in Sports Medicine.” Clinics in Sports Medicine 35 (2): 205–15. doi:10.1016/j.csm.2015.10.006.
  34. Sony Electronics Inc. 2020. “Hawk-Eye Innovations and MLB Introduce Next-Gen Baseball Tracking and Analytics Platform.” Cision PR Newswire.
  35. Id.
  36. Appelman, David., and Dolinar, Sean. 2020. “Statcast Stats are Now on FanGraphs.” fangraphs.com. Link.
  37. “Hawk-Eye Line Calling System.” 2020. Link.
  38. Id.
  39. Id.
  40. Rapsodo Terms of Use § 6.
  41. Rapsodo Privacy Policy § “How We Protect Your Information.”
  42. Globe News Wire. 2017. “Rapsodo Inc. to Support Joint MLB and USA Baseball Events.”
  43. Rapsodo Terms of Use § 5.
  44. Id.
  45. Rapsodo Terms of Use § 8.
  46. Lemire, Joe. 2019. “Edgertronic Cameras Are the Tech Transforming Baseball By Accident.” Link.
  47. SHRM. 2019. “Managing Workplace Monitoring and Surveillance.” Link.

Law student at Capital University Law School

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store