When a professional footballer straps on a GPS vest before training, the device begins generating a continuous stream of data — distance covered, sprint intensity, heart-rate output, neuromuscular load. By the end of the session, the club has a detailed biometric portrait of that player’s physical state. But does any of that data actually belong to the athlete whose body produced it? According to research published by Seoul National University’s Sports Technology Laboratory, the answer under current law is deeply unclear — and that ambiguity carries significant consequences for how Korean sports governance will need to evolve.
What the Research Argues
Sports technology has rapidly reshaped the measurement and governance of athletic performance. Wearables, smart fabrics, and AI-linked sensors now generate constant biometric and tactical streams used for analytics, injury prevention, and fan-facing applications. As these tools become embedded in everyday training, the line between assistance and surveillance becomes harder to distinguish, raising new concerns about autonomy and control. Although the data originate from athletes’ bodies, legal ownership remains uncertain. Existing privacy law and international sports governance frameworks offer no clear allocation of rights over the digital traces produced through play or training.
The study, authored by Jun Woo Kwon of Seoul National University’s Department of Physical Education and published in December 2025 in Frontiers in Sports and Active Living, frames this as a matter of fundamental rights rather than a narrow technical question. Given that performance metrics may reveal medical, psychological, or fatigue-related indicators, athlete data arguably require protection comparable to medical information. Yet existing privacy law rarely distinguishes performance metrics from routine employment records or mandates heightened safeguards. This gap reduces the athlete to an administrative entry rather than a rights-bearing individual.
The Problem With Korea’s Current Legal Framework
Korea’s primary data protection instrument, the Personal Information Protection Act (PIPA), is the domestic equivalent of the EU’s General Data Protection Regulation in terms of scope — but it does not resolve the ownership question. Korea’s Personal Information Protection Act focuses on controller duties but does not recognise any proprietary claim athletes may hold over data produced from their bodies.
This creates a structural mismatch. An athlete may technically be informed that their data is being collected — satisfying the basic notice requirement under PIPA — while having no meaningful authority over what happens to that data afterward, who accesses it, how long it is retained, or whether it is licensed to third parties such as sports analytics companies, broadcasters, or betting data providers.
This unresolved framework creates a conceptual gap: athlete data are simultaneously personal, professional, and commercial, yet legal regimes force a binary classification. The result is an athlete positioned primarily as a passive data subject rather than a rights-bearing contributor. Many leagues include provisions permitting extensive use of biometric or performance data for analytics, marketing, or third-party licensing. In these contexts, consent is typically formal rather than substantive due to structural bargaining inequality between athletes and organisations.
How Other Jurisdictions Are Responding
The debate is not unique to Korea, but international experience points toward governance mechanisms that Korean sports bodies have not yet adopted. In the United States, collective bargaining has become the primary vehicle through which athletes have begun asserting limited rights over their biometric data.
Collective bargaining agreements in leagues such as the NFL and NBA function less as unilateral employer control and more as negotiated frameworks of shared governance. Under the 2020 NFL–NFLPA collective bargaining agreement, biometric-tracking decisions are jointly administered rather than left solely to team discretion.
The MLB Players Association negotiated with MLB in 2022 to include a provision in a collective bargaining agreement that would make it illegal for MLB or any individual baseball club to sell or license a player’s confidential medical information, personal biometric data, or any nonpublic data used to evaluate player performance in practices or training sessions.
In 2017, the National Basketball Players Association negotiated provisions regarding the collection and use of wearable technology data, ensuring that players retain specific rights over their personal biometric information. As biometric tracking becomes more advanced, future collective bargaining agreements will likely refine these protections further.
None of these frameworks are perfect, but they demonstrate a trajectory: professional sports organisations worldwide are being pushed — by players’ unions, regulators, and courts — toward acknowledging that biometric data is not simply an employer asset.
What the Seoul National University Study Proposes
The research does not simply diagnose the problem. It puts forward a framework for reform built around three interlocking proposals.
First, a co-ownership model could be adopted to allocate shared rights among athletes, clubs, and technology providers. While not yet formalised in sport, the idea aligns with legal developments. EU jurisprudence confirms that control over the same dataset may be shared under the GDPR’s doctrine of joint controllership. Treating data as a shared resource rather than an employment artefact would help prevent exclusive institutional control and enable negotiated limits on secondary use, commercialisation, and retention.
Second, data sovereignty should be expressly integrated into sport-governance instruments. Instead of being treated merely as data subjects, athletes should be recognised as legitimate data owners with authority to approve, monitor, and revoke processing. Embedding sovereignty into league rules and federation policy would shift athletes from passive compliance to active participation and align sport governance with broader principles of autonomy and human-rights-based data protection. Third, federations and national associations should establish enforceable ethical and legal guidelines defining permissible collection, retention periods, and commercial boundaries. Tools such as standardised consent workflows, transparency audits, and independent oversight boards would help institutionalise accountability.
Why This Matters for K League and Korean Sports Governance
For readers in Cheongju and across Chungcheongbuk-do, these questions connect directly to how professional sports in Korea is governed. K League clubs already use GPS tracking and performance monitoring technology in daily training. As the league modernises its data infrastructure — including the AI-tracking systems introduced in the 2026 broadcast overhaul — the volume of athlete-generated data being collected, stored, and potentially commercialised will grow considerably.
The protection of athlete data faces three main challenges: disputes over data rights ownership between the multiple entities involved; the cost athletes face when claiming rights — including the risk of exclusion from competitions if they refuse data collection conditions; and legal framework inadequacy, where existing laws leave athletes in a state of data out of control once they sign participation agreements.
The Seoul National University research represents a first substantive effort within Korean academic sports governance to map the problem and propose solutions grounded in international legal precedent. Whether the Korea Professional Football Federation or other sports governing bodies adopt its recommendations remains to be seen — but the academic groundwork for reform is now established. For readers in Cheongju interested in how legal structures shape the experiences of individuals operating within regulated systems, cheongjuinsider.com has a relevant examination of how regulation shapes modern markets and the conditions under which individuals operate.
The question of who owns an athlete’s data is not abstract. It determines whether a player’s injury risk profile can be sold to a third-party analytics firm without their knowledge, whether biometric fatigue data can be used to argue against a contract renewal, and whether the constant surveillance built into modern elite sport comes with any meaningful right of the athlete to know — and decide — how the most personal information their body produces is used. For more on how governance structures and legal frameworks shape the balance between institutional control and individual rights in regulated environments, gwangjuinsider.com has explored how legal structures in digital markets affect user behavior and rights.
