Wearables, Biometric Governance, and Athlete Data Sovereignty Under the Current NBA CBA
Wearables, Biometric Governance, and Athlete Data Sovereignty Under the Current NBA CBA
The NBA’s 2023 Collective Bargaining Agreement (CBA), effective through 2029-30, has transformed wearables from a bargaining novelty to a core component of biometric governance. The CBA broadly defines wearables and creates a joint Wearables Committee—composed of league and union representatives, including sports medicine experts, and governed by strict conflict-of-interest rules—to oversee device approval and establish cybersecurity standards for wearable data. Devices and metrics must be validated, and the use of raw data is tightly controlled. Player protections are paramount: wearable use is strictly voluntary, informed consent is required, and players can opt out at any time. Players have full access to their data, while teams may only use it for health, performance, and tactical purposes; biometric data is explicitly barred from influencing contract negotiations and employment decisions, with significant fines for violations. Despite these advances, the CBA does not fully settle legal questions of ownership or secondary commercialization of athlete data. Ongoing policy differences with the G League and continued academic debate highlight the need for stronger athlete data sovereignty, advocating for player control over personal data. While the CBA is an advanced framework for athlete protection and oversight, it remains an interim solution, leaving open the fundamental question of athlete authority over the commercial and inferential use of their biometric information.
The NBA’s treatment of wearable technology has evolved from a novel bargaining issue into a meaningful model for labor-based biometric governance. Under the current NBA-NBPA Collective Bargaining Agreement, ratified in 2023 and running through the 2029-30 season unless either side opts out after the 2028-29 season, wearable technology is no longer a side issue. It is embedded in the larger architecture of player health, performance, privacy, and labor-management control over data generated by athletes’ bodies.^1
Article XXII, Section 13 of the current CBA reflects a fairly sophisticated attempt to regulate this space. The agreement defines “wearables” broadly to include devices that measure movement information, physiological information, and other health, fitness, and performance information.
It continues a jointly governed Wearables Committee composed of league and union appointees, requires that at least some committee members possess relevant sports-medicine experience, and bars committee members from having certain financial interests in wearable-device companies unless the parties agree otherwise.^2 This structure matters because it signals that the league and union are not treating wearables merely as consumer gadgets or routine training aids. They are treating them as technologies capable of generating medically and commercially sensitive data, with corresponding governance risks.
The current agreement also requires committee oversight of both device approval and cybersecurity standards. The Wearables Committee is tasked not only with reviewing whether a wearable could be harmful and whether its functionality has been validated, but also with setting cybersecurity standards for storage of wearable-derived data. The agreement further contemplates the use of jointly retained experts in fields including engineering, data science, and cybersecurity.^3 In other words, the CBA recognizes that athlete-data governance does not stop at the moment of collection. The legal and practical issues continue through validation, storage, transfer, and downstream use.
That focus is even clearer in the CBA’s treatment of approved devices and raw data. The agreement lists a set of approved wearable systems, including products associated with Catapult, Kinexon, ShotTracker, Strive, WHOOP, Zephyr, and Oura, and it prohibits use of wearables in games absent further agreement. It also limits teams to using only those metric categories or system variables that received a “Pass” in validation reports from jointly retained experts. Notably, the CBA addresses raw or unprocessed data exports and APIs, permitting their use only within validated metric categories and system variables.^4 That language is a very modern kind of labor clause. It does not merely regulate the strap, vest, or ring. It regulates the data pipeline and the permissible pathways by which teams may turn bodily signals into analytical products.
The player-protective core of the NBA’s wearable provisions appears in the voluntariness and use-restriction rules. Teams may request players to use approved wearables only on a voluntary basis in practice or other non-game settings. Players may decline to use a wearable or discontinue use at any time. Before a team can request wearable use, it must provide the player a written confidential explanation of what the device measures, what each measurement means, and the benefits to the player in obtaining the data.^5 These provisions operate as informed-consent safeguards within a workplace where formal consent is often strained by power asymmetry, roster pressure, and medical dependence.
The agreement then draws a crucial line between permissible and impermissible use. A player has full access to all data collected on him from approved wearables. Team staff may access the data, but only for player health and performance purposes and team on-court tactical and strategic purposes. The CBA expressly prohibits the data from being considered, used, discussed, or referenced in negotiations concerning a future player contract or other player-contract transaction, including trades and waivers. A grievance arbitrator may impose a fine of up to $250,000 on a team shown to have violated that rule.^6 This is one of the most significant labor protections in the agreement because it attempts to prevent biometric data from becoming a hidden valuation weapon in employment bargaining.
Still, the current CBA’s sophistication should not be mistaken for complete resolution. The agreement strongly protects against certain forms of misuse, but it does not fully settle the broader legal question of ownership in the property-law sense. It gives players access rights, imposes use restrictions, requires joint governance, and bars public release and commercial use of player data collected from a wearable worn at a team’s request unless the parties reach a further agreement. Yet that is not the same thing as establishing a fully elaborated ownership regime governing derivative analytics, inferred health-risk assessments, model outputs, retention rights, or secondary commercialization.^7 The CBA is protective, but it is not comprehensive in the strongest doctrinal sense.
That gap has become more visible as scholarship in the field has grown sharper. A 2025 Frontiers opinion article describes a persistent “unclear ownership” problem in sports technology and argues that athlete-generated data occupy an ambiguous legal space: deeply personal, institutionally controlled, and commercially valuable all at once. The article frames the problem through the concept of “athlete data sovereignty,” arguing that athletes should retain authority over how information linked to their physical identity is collected, accessed, shared, stored, and potentially erased.^8 Similarly, a 2024 SMU Science and Technology Law Review article surveying wearable-technology regulation concludes that athletes, rather than teams or leagues, should own the biometric data produced by wearable technology.^9 These sources do not themselves settle the law, of course, but they capture the doctrinal instability that the current NBA CBA has managed rather than eliminated.
The emerging split between the NBA and the G League reinforces that point. In October 2025, the NBPA published key deal points from the new NBA G League/NGBPU CBA stating that G League players may be required by the league or their teams to use approved wearable devices in games, practices, or other activities, subject to guidelines and limitations on use.^10 That published summary marks a notable contrast with the NBA’s current CBA, which keeps player use voluntary and prohibits game use pending further agreement. The divergence suggests that bargaining power, league tier, and economic context may shape wearable-governance rules as much as general privacy principle. It also suggests that developmental leagues may serve as testing grounds for rules that the major league has not yet accepted.
The health-and-performance case for expanded athlete monitoring is not imaginary. In February 2026, the University of Wisconsin–Madison announced a multi-institutional study conducted in collaboration with the NBA, NBPA, GE HealthCare, and Springbok Analytics to reduce musculoskeletal injuries among high-level basketball players. The project builds on a 2023-24 NBA G League pilot and integrates biomechanics, imaging, strength assessments, and training-load data.^11 That research underscores the strongest argument in favor of biometric tracking: better injury prevention, better recovery monitoring, and potentially better long-term athlete welfare. But it also illustrates the central legal tension. The same data that can help prevent injury can also inform valuation, durability forecasting, public storytelling, and future commercialization. In data-rich sports, the line between care and control is thin, slippery, and often drawn after the data have already been captured.
Accordingly, the current NBA CBA should be understood as an advanced but interim framework. It reflects a serious attempt to cabin employer use of biometric information through voluntariness, disclosure, access rights, joint oversight, cybersecurity standards, anti-commercialization limits, and a ban on contract-side misuse. But the unresolved question remains whether athletes will ultimately control not merely the collection of their data, but also the inferential and commercial afterlife of that data. That question is better understood not simply as a privacy issue, but as a labor-governance and economic-rights issue. In that sense, the future contest over sports wearables is not just about sensors. It is about authority over the digital byproducts of athletic labor.
Footnotes
National Basketball Players Association, Collective Bargaining Agreement (CBA), stating that the current agreement was ratified in April 2023, took effect July 1, 2023, runs through the 2029-30 season, and allows either side to opt out following the 2028-29 season.
2023 NBA-NBPA Collective Bargaining Agreement, art. XXII, § 13(a)-(b), defining wearables and establishing the jointly governed Wearables Committee.
Id. art. XXII, § 13(c)-(d), assigning the committee responsibility for device approval, validation, and cybersecurity standards, and authorizing jointly retained experts in engineering, data science, and cybersecurity.
Id. art. XXII, § 13(e)-(f), listing approved devices, prohibiting game use absent further agreement, and regulating validated metric categories, raw data, and APIs.
Id. art. XXII, § 13(g), providing that teams may request wearable use only on a voluntary basis in non-game settings, that players may discontinue use at any time, and that teams must provide a written confidential explanation of the device’s measurements, meanings, and player benefits.
Id. art. XXII, § 13(h), granting players full access to their wearable data, limiting team use to health, performance, and on-court tactical or strategic purposes, and prohibiting use in contract negotiations, trades, or waivers, with grievance fines up to $250,000.
Id. art. XXII, § 13(i), stating that pending further agreement, wearables may not be used in games and no player data collected from a wearable worn at a team’s request may be made public or used for any commercial purpose.
Jun Woo Kwon, Athlete data sovereignty: addressing the legal and policy gaps in sports technology, Frontiers in Sports and Active Living (Dec. 15, 2025), arguing that legal ownership remains uncertain and that athlete-generated data are “deeply personal yet institutionally controlled” and commercially valuable.
Jack Vande Berg, The Game-Changer: Legal Issues Surrounding Wearable Technology in Sports, 27 SMU Sci. & Tech. L. Rev. 151 (2024), concluding that athletes, not teams or leagues, should own biometric data produced by wearable technology.
National Basketball Players Association, NBA G League Collective Bargaining Agreement – Key Deal Points, stating that G League players may be required by the league or their teams to use approved wearable devices in games, practices, or other activities, subject to guidelines and limitations on use.
University of Wisconsin–Madison Department of Orthopedics and Rehabilitation, UW-Madison Launches Study in Collaboration with NBA, NBPA, GE HealthCare, and Springbok Analytics to Advance Injury Reduction in Basketball (Feb. 9, 2026), describing a study that builds on the collaboration’s 2023-24 NBA G League pilot and uses biomechanics, imaging, strength assessments, and training-load data.
