Editor's Note: Marjolaine is a researcher and attorney admitted to the Geneva bar (Switzerland) who specialises in sports and life sciences. Her interests focus on interdisciplinary approaches as a way of designing effective solutions in the field of anti-doping and other science-based domains. Her book “Evidence in Anti-Doping at the Intersection of Science & Law” was published through T.M.C Asser Press / Springer in late 2015. She participates as a co-author on a project hosted by the University of Neuchâtel to produce the first article-by-article legal commentary of the 2021 World Anti-Doping Code. In her practice, she regularly advises international federations and other sports organisations on doping and other regulatory matters, in particular on aspects of scientific evidence, privacy or research regulation. She also has experience assisting clients in arbitration proceedings before the Court of Arbitration for Sport or other sport tribunals.
Since the spectre of the EU General Data
Protection Regulation (‘GDPR’) has loomed over the sports sector,[1]
a new wind seems to be blowing on anti-doping, with a palpable growing interest
for stakes involved in data processing. Nothing that would quite qualify as a
wind of change yet, but a gentle breeze of awareness at the very least.
Though the GDPR does mention the fight
against doping in sport as a potential matter of public health in its recitals,[2]
EU authorities have not gone so far as to create a standalone ground on which
anti-doping organisations could rely to legitimise their data processing.
Whether or not anti-doping organisations have a basis to process personal data –
and specifically sensitive data – as part of their anti-doping activities, thus
remains dependent on the peculiarities of each national law. Even anti-doping
organisations that are incorporated outside the EU are affected to the extent
they process data about athletes in the EU.[3]
This includes international sports federations, many of which are organised as private
associations under Swiss law. Moreover, the Swiss
Data Protection Act (‘DPA’) is currently
under review, and the revised legal
framework should largely mirror the GDPR, subject to a few Swiss peculiarities.
All anti-doping organisations undertake at a minimum to abide by the WADA International
Standard for Privacy and the Protection of Personal Information (‘ISPPPI’),
which has been adapted with effect to 1 June 2018 and enshrines requirements
similar to those of the GDPR. However, the ISPPPI stops short of actually
referring to the GDPR and leaves discretion for anti-doping organisations to
adapt to other legislative environments.
The purpose of this blog is not to offer a
detailed analysis of the requirements that anti-doping organisations must abide
by under data protection laws, but to highlight how issues around data
processing have come to crystallise key challenges that anti-doping
organisations face globally. Some of these challenges have been on the table since
the adoption of the first edition of the World Anti-Doping Code (‘WADC’) but
are now exposed in the unforgiving light of data protection requirements. More...