Opting-in to Leaderboards and other things GDPR

May 25th 2018 sees the introduction of the European General Data Protection Regulation (GDPR) around personal data protection and privacy and in order to comply there are a few changes I’ve needed to make to VeloViewer, mainly around the public leaderboards, which are detailed below.  Basically there shouldn’t be any personally identifiable data shown on the site for other people to see unless you have specifically opted-in to expose it.

Background

Since day one, by default, all of your detailed public and private Strava data has only been visible to you in VeloViewer unless you had opted-in to share your public data in the Options section of your Update page. You have also always had the ability to delete all of your data using the button in the same Options section. The only thing I keep after this delete is any payment records as I need those for accounting/tax reasons.

Main Leaderboards

The overall leaderboards linked from the main menu and your Summary page now require you to opt-in in order for you to be included.  You will initially be prompted on your Update page to decide whether you wish to be included in these leaderboards or not.  If you opt-in then other people will see your name and totals (but not your detailed data) in the leaderboards along with a link to your profile on Strava.  You can always head to the Options section of your Update page at any time to change it.  If you have also marked your detailed data as public then there will also be a link to your VeloViewer Summary page from your name.

Note: When you change this option it may take up to 3 hours for it to take affect (for the leaderboard caches to be refreshed).

The Friends leaderboards will no longer be available due to a change to the Strava API related to GDPR, I can no longer get a list of your Strava friends.

100 Climbs Leaderboards

Similar to the main leaderboards, you will now have to opt-in to be displayed in the 100 Climbs leaderboards (and the other club leaderboards I host using the same code, I’ll talk more about that in the future).  It will use the same opt-in setting used for the main leaderboards.

There is another, bigger change required to these leaderboards due to another GDPR change to the Strava API.  The segment leaderboards now only provide details of the logged in athlete rather than providing name/athlete_id for all athletes. This means I can no longer update the leaderboards in bulk like I did previously.

So now I will have to check the leaderboard segment times for each athlete individually.  The only way to do this in a scalable way is to restrict it to PRO (or PRO+) users and have you head to each region’s leaderboard and update your times for the segments by pressing a button.

Note: These updated 100 Climbs leaderboards will not be available immediately when the GDPR deadline of 25th May arrives but I will be working on getting them back up and running in this new way ASAP.

Rivals

This page obviously has had to be taken down as it would find athletes that potentially hadn’t even heard of VeloViewer that were close to you on leaderboards and list them for you.  There isn’t any way that I can think of to do anything similar in a way that would comply with GDPR so unfortunately it’s the end for this one.

Comparison

The comparison page will still work if you want to compare your overlapping segments with other VeloViewer users who have marked their data as public in their options (not related to the leaderboard opt-in setting) but it will no longer work for Strava athletes that haven’t done this.  Also, with the end of the Rivals page and no way to get your list of Strava friends via the API I’m not sure how to provide the direct links into this page in the first place.  Perhaps I could add something to my Chrome Extension to provide a direct link when you view an athlete’s profile on Strava’s website? I’ll look into this as soon as I can.

Google Analytics

I use Google Analytics to keep track of general usage of the site but I anonymise your IP address and also strip out any ids that could be personally identifiable from the URLs that are passed (i.e. athlete id, activity id & route id) so nothing being stored by Google is traceable to you.

Emails

As I’m sure you know already, I don’t have a newsletter or anything like that. Just follow me on Facebook and/or Twitter to keep up to date with what is going on.

The only email I will send is when your membership has expired to remind you that you might want to renew. If I understand GDPR correctly I don’t need to request permission to send this sort of email.

Sharing your data with 3rd parties

Not something I’ve ever done or plan to do.

13 thoughts on “Opting-in to Leaderboards and other things GDPR”

  • Mike Stewart says:

    I will be attempting a High Rouleur ride on this Tuesday and looking at the rules I need to submit this ride via Velo viewer. I just signed up for the free version, do I need to go pro to have my Tuesday attemp count? I guess I’m unclear if the free version gives me the ability to use Velo viewer on upcoming rides or was it just to show my last 25 rides?

    • HI Mike. No need to be VeloViewer PRO (or even sync your free 25 activities) to add an Everesting or HRS. Just head to the submission page and you can attach any of your activities.

  • Hi Ben
    I have really enjoyed visiting the “100 Leader boards” partly to see how I compare to my peers but what I value more is being able to see in one place how many of the climbs I have done. This also helps in planning a route to take in several of the hills. A lot of this information is only personal to the user so the need to see everyone else’s data is not important.
    Is there any way of having a 100 climbs “lite” so you can see your own data but not everyone elses?

    Thanks

    Tim

  • Wouldn’t some of these items have been permissible under “legitimate interest” Ben? You don’t NEED informed consent…

    • I’m possibly playing it safe and was expecting (even hoping) at least someone more educated on all of this to tell me that I was doing too much (or perhaps too little) somewhere in the comments here or on Facebook!
      Which specific bits do you think would be permissible under “legitimate interest”?
      It seems like most regular users have already opted in to the main leaderboards anyway. The Rivals, Comparisons and 100 Climbs leaderboards are all affected by the new restrictions of the Strava API so even if they were deemed to be of legitimate interest and not require consent, the data is no longer available to build them.

  • Nicholas haupt says:

    Hi
    How can I see all the segments that I have ridden and compare the results with people I follow on Strava?
    Ie basically I want to see per segment how I compare to people that I follow without clicking a million times….

    • This used to be possible on the Comparison page following the links from your Friends’ List on the Rivals page. Unfortunately, as mentioned above, that is no longer possible. If your friend on Strava is also a VeloViewer PRO user and has chosen to share their data publicly then it would be possible but there is no longer a way for me to get your list of friends from the Strava API.

  • Thanks for putting the effort in with this Ben, i appraciate it and it must be a right royal pain in the ass. Anth

  • Geoff Allard says:

    Like all things GDPR, there is far too much information to read through here. I was only ever concerned on how I was doing on 100 climbs. Having potentially done two more recently how can I see my own data to check how many of the climbs I have tackled (Not many I know).

    Cheers, Geoff.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>