May 25th 2018 sees the introduction of the European General Data Protection Regulation (GDPR) around personal data protection and privacy. In order to comply there are a few changes I’ve needed to make to VeloViewer, mainly around the public leaderboards, which are detailed below. Basically there shouldn’t be any personally identifiable data shown on the site for other people to see unless you have specifically opted in to expose it.
Since day one, by default, all of your detailed public and private Strava data has only been visible to you in VeloViewer unless you had opted-in to share your public data in the Options section of your Update page. You have also always had the ability to delete all of your data using the button in the same Options section. The only thing I keep after this delete is any payment records as I need those for accounting/tax reasons.
The overall leaderboards linked from the main menu and your Summary page now require you to opt in before you are included. You will initially be prompted on your Update page to decide whether you wish to be included in these leaderboards or not. If you opt in then other people will see your name and totals (but not your detailed data) in the leaderboards along with a link to your profile on Strava. You can head to the Options section of your Update page at any time to change it. If you have also marked your detailed data as public then there will also be a link to your VeloViewer Summary page from your name.
Note: When you change this option it may take up to 3 hours for it to take effect (for the leaderboard caches to be refreshed).
The Friends leaderboards will no longer be available due to a change to the Strava API related to GDPR: I can no longer get a list of your Strava friends.
100 Climbs Leaderboards
Similar to the main leaderboards, you will now have to opt-in to be displayed in the 100 Climbs leaderboards (and the other club leaderboards I host using the same code, I’ll talk more about that in the future). It will use the same opt-in setting used for the main leaderboards.
There is another, bigger change required to these leaderboards due to another GDPR change to the Strava API. The segment leaderboards now only provide details of the logged-in athlete rather than providing name/athlete_id for all athletes. This means I can no longer update the leaderboards in bulk like I did previously.
So now I will have to check the leaderboard segment times for each athlete individually. The only way to do this in a scalable way is to restrict it to PRO (or PRO+) users and have you head to each region’s leaderboard and update your times for the segments by pressing a button.
Note: These updated 100 Climbs leaderboards will not be available immediately when the GDPR deadline of 25th May arrives but I will be working on getting them back up and running in this new way ASAP.
The Rivals page obviously has had to be taken down as it would find athletes that potentially hadn’t even heard of VeloViewer that were close to you on leaderboards and list them for you. There isn’t any way that I can think of to do anything similar in a way that would comply with GDPR so unfortunately it’s the end for this one.
The comparison page will still work if you want to compare your overlapping segments with other VeloViewer users who have marked their data as public in their options (not related to the leaderboard opt-in setting) but it will no longer work for Strava athletes that haven’t done this. Also, with the end of the Rivals page and no way to get your list of Strava friends via the API I’m not sure how to provide the direct links into this page in the first place. Perhaps I could add something to my Chrome Extension to provide a direct link when you view an athlete’s profile on Strava’s website? I’ll look into this as soon as I can.
I use Google Analytics to keep track of general usage of the site but I anonymise your IP address and also strip out any ids that could be personally identifiable from the URLs that are passed (i.e. athlete id, activity id & route id) so nothing being stored by Google is traceable to you.
The only email I will send is when your membership has expired to remind you that you might want to renew. If I understand GDPR correctly I don’t need to request permission to send this sort of email.
Sharing your data with 3rd parties
Not something I’ve ever done or plan to do.