Asser International Sports Law Blog

Our International Sports Law Diary
The Asser International Sports Law Centre is part of the T.M.C. Asser Instituut

How Data Protection Crystallises Key Legal Challenges in Anti-Doping - By Marjolaine Viret

Editor's Note: Marjolaine is a researcher and attorney admitted to the Geneva bar (Switzerland) who specialises in sports and life sciences. Her interests focus on interdisciplinary approaches as a way of designing effective solutions in the field of anti-doping and other science-based domains. Her book “Evidence in Anti-Doping at the Intersection of Science & Law” was published through T.M.C Asser Press / Springer in late 2015. She participates as a co-author on a project hosted by the University of Neuchâtel to produce the first article-by-article legal commentary of the 2021 World Anti-Doping Code. In her practice, she regularly advises international federations and other sports organisations on doping and other regulatory matters, in particular on aspects of scientific evidence, privacy or research regulation. She also has experience assisting clients in arbitration proceedings before the Court of Arbitration for Sport or other sport tribunals.


Since the spectre of the EU General Data Protection Regulation (‘GDPR’) has loomed over the sports sector,[1] a new wind seems to be blowing on anti-doping, with a palpable growing interest for stakes involved in data processing. Nothing that would quite qualify as a wind of change yet, but a gentle breeze of awareness at the very least.

Though the GDPR does mention the fight against doping in sport as a potential matter of public health in its recitals,[2] EU authorities have not gone so far as to create a standalone ground on which anti-doping organisations could rely to legitimise their data processing. Whether or not anti-doping organisations have a basis to process personal data – and specifically sensitive data – as part of their anti-doping activities, thus remains dependent on the peculiarities of each national law. Even anti-doping organisations that are incorporated outside the EU are affected to the extent they process data about athletes in the EU.[3] This includes international sports federations, many of which are organised as private associations under Swiss law. Moreover, the Swiss Data Protection Act (‘DPA’) is currently under review, and the revised legal framework should largely mirror the GDPR, subject to a few Swiss peculiarities. All anti-doping organisations undertake at a minimum to abide by the WADA International Standard for Privacy and the Protection of Personal Information (‘ISPPPI’), which has been adapted with effect to 1 June 2018 and enshrines requirements similar to those of the GDPR. However, the ISPPPI stops short of actually referring to the GDPR and leaves discretion for anti-doping organisations to adapt to other legislative environments.

The purpose of this blog is not to offer a detailed analysis of the requirements that anti-doping organisations must abide by under data protection laws, but to highlight how issues around data processing have come to crystallise key challenges that anti-doping organisations face globally. Some of these challenges have been on the table since the adoption of the first edition of the World Anti-Doping Code (‘WADC’) but are now exposed in the unforgiving light of data protection requirements. More...