In a recent New York Times pieceMarc Tracy discussed the implications of the recent University of Michigan football team’s decision to enter into a contract with Nike worth $170 million dollars. A clause in the contract could allow Nike to collect personal data from University of Michigan athletes through wearable technology such as GPS trackers, heart rate monitors and other devices that track and log other biological and personal information.

While Tracy reviews the issues associated with athletes’ rights in college sports, I am primarily concerned with the issues of privacy, security and wearable technology. A recent analysis of fitness devices showed a variety of findings including Bluetooth MAC address surveillance, lack of encrypted data transport and storage, devices that transmitted geolocation information, companies that gave themselves extensive rights to use and sell consumer data, and data collection that exceeded the collection information in the product’s privacy statement.

Another recent analysis by reviewed the security of several fitness wristbands and found widespread issues such as lack of data at rest and in transit encryption, poor tamper protection, lack of Bluetooth Smart LE Privacy, inadequate authentication and lack of controlled connectivity.

In Michigan’s case, the contract gives Nike and Michigan control over the data and its use. It appears that players will likely have no say in how their data will be collected or used. Could this data be shared with professional sports leagues, for example?

As mentioned in the article, I am concerned about the hacking and compromise potential of wearable devices. Where there is money to made, hackers are motivated. Data regarding athletic performance would be valuable to people who gamble for money on professional and college games or in fantasy leagues. Companies that create wearables and other Internet of Things (IoT) devices have a responsibility to build security and privacy into their devices.

See the full article here: With Wearable Tech Deals, New Player Data Is Up for Grabs