GDPR : What are the implications for LMS systems ?

Discuss anything you like about chess related matters in this forum.
John Upham
Posts: 4157
Joined: Wed Apr 04, 2007 10:29 am
Location: Cove, Hampshire, England.
Contact:

GDPR : What are the implications for LMS systems ?

Post by John Upham » Fri Feb 09, 2018 6:00 pm

On ​25 May 2018
The GDPR will replace the current Directive and will be directly applicable in all Member States without the need for implementing national legislation.

What are the implications for Leagues that have implemented an LMS ?

I feel that my head has moved closed to the EU chopping block !

Nick Grey
Posts: 965
Joined: Thu Dec 01, 2011 12:16 am

Re: GDPR : What are the implications for LMS systems ?

Post by Nick Grey » Fri Feb 09, 2018 6:19 pm

Not sure what you are going on about? Anyway I thought ECF were implementing. Are you suggesting a Brexit issue?

Roger de Coverly
Posts: 17389
Joined: Tue Apr 15, 2008 2:51 pm

Re: GDPR : What are the implications for LMS systems ?

Post by Roger de Coverly » Fri Feb 09, 2018 7:21 pm

Nick Grey wrote:
Fri Feb 09, 2018 6:19 pm
Anyway I thought ECF were implementing.
Numerous League Management Systems have been written, pre-dating the ECF's attempt. John's is one of them.

It's been claimed that GPDR doesn't affect the running of amateur sports and social activities. It's something the ECF could attempt to establish on behalf of the British chess community or even find out from the umbrella body that used to be called CCPR. I wouldn't be hopeful of a clear cut reply from civil servants or politicians though.

Nick Grey
Posts: 965
Joined: Thu Dec 01, 2011 12:16 am

Re: GDPR : What are the implications for LMS systems ?

Post by Nick Grey » Fri Feb 09, 2018 8:08 pm

GPDR is something about Member States in EU which we are leaving?
FiDE is not EU.
Why will civil servants and politicians waste their time & energy on Chess League Management systems?
Not as if they provide support for chess in this country.

John - happy to contribute but not sure what it is that you want. I remember introducing Thames Valley John Upham System during my time as League Secretary. Also within other leagues in our area. I also see no reason why not an option for the overall plans, other than I cannot really see the need for monthly or quarterly updates on ECF grading system,

John Upham
Posts: 4157
Joined: Wed Apr 04, 2007 10:29 am
Location: Cove, Hampshire, England.
Contact:

Re: GDPR : What are the implications for LMS systems ?

Post by John Upham » Fri Feb 09, 2018 8:44 pm

Nick Grey wrote:
Fri Feb 09, 2018 8:08 pm
GPDR is something about Member States in EU which we are leaving?
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

Nick Grey
Posts: 965
Joined: Thu Dec 01, 2011 12:16 am

Re: GDPR : What are the implications for LMS systems ?

Post by Nick Grey » Fri Feb 09, 2018 9:13 pm

We are leaving aren't we? It is a world wide web isn't it? It has pretty much failed hasn't it? Is that the latest directive?

Or are you saying my rights to privacy of my chess results have been violated by league Management software, ECF and Fide?

J T Melsom
Posts: 390
Joined: Wed Aug 12, 2009 11:12 pm

Re: GDPR : What are the implications for LMS systems ?

Post by J T Melsom » Fri Feb 09, 2018 10:23 pm

Given the overall impact of Brexit this is small beer, and sadly suggests that chess players (and administrators) live in a bit of a bubble. Data issues are important, but nothing when compared with the numbers of people including chess players who might be unable to find jobs after Brexit. I wish some people would be more sensitive and not play games with debating points.

NickFaulks
Posts: 4527
Joined: Sat Jan 02, 2010 1:28 pm

Re: GDPR : What are the implications for LMS systems ?

Post by NickFaulks » Fri Feb 09, 2018 11:43 pm

John Upham wrote:
Fri Feb 09, 2018 6:00 pm
I feel that my head has moved closer to the EU chopping block!
You still have three months to move to somewhere without an extradition treaty. Ecuador has nice weather.

David Sedgwick
Posts: 3153
Joined: Mon Apr 09, 2007 5:56 pm
Location: Croydon

Re: GDPR : What are the implications for LMS systems ?

Post by David Sedgwick » Fri Feb 09, 2018 11:51 pm

J T Melsom wrote:
Fri Feb 09, 2018 10:23 pm
Given the overall impact of Brexit this is small beer, and sadly suggests that chess players (and administrators) live in a bit of a bubble. Data issues are important, but nothing when compared with the numbers of people including chess players who might be unable to find jobs after Brexit. I wish some people would be more sensitive and not play games with debating points.
Discussion of the economic consequences of Brexit belongs in another thread, surely?

However, John seems to me to be asking a serious question. There is a new EU Directive which may impact on League Management Systems such as his. Or it may not, if if won't come into force until after the UK has left the EU.

John, I endorse Roger's suggestion. You should seek advice from the ECF. If they can't provide it, you should ask them to refer your query to the Sport & Recreation Alliance.

John Upham
Posts: 4157
Joined: Wed Apr 04, 2007 10:29 am
Location: Cove, Hampshire, England.
Contact:

Re: GDPR : What are the implications for LMS systems ?

Post by John Upham » Sat Feb 10, 2018 12:14 am

NickFaulks wrote:
Fri Feb 09, 2018 11:43 pm
John Upham wrote:
Fri Feb 09, 2018 6:00 pm
I feel that my head has moved closer to the EU chopping block!
You still have three months to move to somewhere without an extradition treaty. Ecuador has nice weather.
I asked Julian about Ecuadorian weather. All he can see is grey skies and police persons.

David Gilbert
Posts: 716
Joined: Sat Apr 04, 2009 10:03 am

Re: GDPR : What are the implications for LMS systems ?

Post by David Gilbert » Sat Feb 10, 2018 2:19 am

David Sedgwick wrote:
Fri Feb 09, 2018 11:51 pm

However, John seems to me to be asking a serious question. There is a new EU Directive which may impact on League Management Systems such as his. Or it may not, if if won't come into force until after the UK has left the EU.

John, I endorse Roger's suggestion. You should seek advice from the ECF. If they can't provide it, you should ask them to refer your query to the Sport & Recreation Alliance.
My interest, albeit now distant, had been on the impact of the GDPR on national clinical audit programmes and patient registeries, but that’s another story.

The new EU law on data processing will come into effect on 25 May 2018. Its key aim is to provide protection for individuals and it also prevents organisations hiding behind legal jargon in their small print agreements. We’ve known about this for some time and organisations, certainly Government organisations and their agencies, have been preparing for its implementation.

There’s a new Data Protection Bill that cleared the Lords last month and has now been introduced in the Commons. A big section of that Bill is devoted to the GDPR and that will align us with the rest of the EU. Given the current Data Protection Act is now 20 years old, and needs a make over, it is expected that time will be found for it to complete its passage to Royal Assent. Should that not happen the GDPR will be bundled-up into the Great Repeal Bill, and legalised through regulations. So it’s going to happen.

The implications for the LMS and chess are pretty obscure. Individuals can ask for information held about them, but can’t they can do that now? And anyway, the LMS doesn't hold any secret details about individuals. Does it? There could be a problem if someone wanted to use their right to be forgotten. That seems unlikely, but the LMS would need to find a way to delete names while retaining its basic structures, like historic results and league tables. One other possibility would be an individual objecting to LMS data being shared with the Grading database. Hmmm?

That's me done!

David Sedgwick
Posts: 3153
Joined: Mon Apr 09, 2007 5:56 pm
Location: Croydon

Re: GDPR : What are the implications for LMS systems ?

Post by David Sedgwick » Sat Feb 10, 2018 11:29 am

David Gilbert wrote:
Sat Feb 10, 2018 2:19 am
The new EU law on data processing will come into effect on 25 May 2018. Its key aim is to provide protection for individuals and it also prevents organisations hiding behind legal jargon in their small print agreements. We’ve known about this for some time and organisations, certainly Government organisations and their agencies, have been preparing for its implementation.

There’s a new Data Protection Bill that cleared the Lords last month and has now been introduced in the Commons. A big section of that Bill is devoted to the GDPR and that will align us with the rest of the EU. Given the current Data Protection Act is now 20 years old, and needs a make over, it is expected that time will be found for it to complete its passage to Royal Assent. Should that not happen the GDPR will be bundled-up into the Great Repeal Bill, and legalised through regulations. So it’s going to happen.
Thank you David. I now understand to what this relates.

I am aware that ECF Directors and staff are reviewing the implications, so I would again suggest that any queries should be referred to the ECF Office.

Roger de Coverly
Posts: 17389
Joined: Tue Apr 15, 2008 2:51 pm

Re: GDPR : What are the implications for LMS systems ?

Post by Roger de Coverly » Sat Feb 10, 2018 12:28 pm

David Sedgwick wrote:
Sat Feb 10, 2018 11:29 am
Thank you David. I now understand to what this relates.
Buried in the depths of the ICO guidance are references to chess clubs.

Under
https://ico.org.uk/for-organisations/gu ... es/?q=club
which I think is the "old" rules it says
Where your organisation is exempt from notification, and processes personal data only for an obvious purpose (and therefore does not need to give a privacy notice), the “specified purpose” should be taken to be the obvious purpose.

Example

A not-for-profit chess club only uses personal data to organise a chess league for its members. The club is exempt from notification, and the purpose for which it processes the information is so obvious that it does not need to give privacy notices to its members. The specified purpose of processing should be taken to be the organisation of a members’ chess league.
Under the new rules, there's still a chess example, but this time in
https://ico.org.uk/media/for-organisati ... idance.pdf it says
Example 2
A chess club sets up a website on which it publishes results of the chess matches its members have played in tournaments against other clubs. Although the members of the club share a recreational interest, the personal data is being processed for the distinct collective purposes of the club rather than for the domestic purposes of its individual members. In this situation the
section 36 exemption does not apply.
(Section 36 is the exemption for individuals)

The question comes as to why? Was this intended by Parliament and for that matter the EU Commission?

David Robertson
Posts: 1985
Joined: Tue Apr 03, 2007 6:24 pm
Contact:

Re: GDPR : What are the implications for LMS systems ?

Post by David Robertson » Sat Feb 10, 2018 4:26 pm

Roger de Coverly wrote:
Sat Feb 10, 2018 12:28 pm
Example 2
A chess club sets up a website on which it publishes results of the chess matches its members have played in tournaments against other clubs. Although the members of the club share a recreational interest, the personal data is being processed for the distinct collective purposes of the club rather than for the domestic purposes of its individual members. In this situation the section 36 exemption does not apply
(Section 36 is the exemption for individuals)

The question comes as to why?
Presumably for the following reason. Two players - let's call them Roger and Nick - freely supply their names to the 4NCL because they want to play chess. They play each other, and Roger wins. Nick accepts his tough luck, and goes home to nurse his disappointment.

Meanwhile, the 4NCL decides for the amusement of third parties to publish all game outcomes, including that between Roger and Nick. One third party - let's call him David - spots this game, and publishes it far and wide for the amusement of everyone. Alas, Nick is not amused, and would rather hide under a blanket in a dark cave. He appeals to the ICO, citing Section 36, which decides in his favour on the grounds that his personal data is now being used for a collective purpose (informing third parties) rather than for the singular domestic purpose to which he'd assented (playing a chess game)

John Upham
Posts: 4157
Joined: Wed Apr 04, 2007 10:29 am
Location: Cove, Hampshire, England.
Contact:

Re: GDPR : What are the implications for LMS systems ?

Post by John Upham » Sat Feb 10, 2018 6:00 pm

David Robertson wrote:
Sat Feb 10, 2018 4:26 pm
He appeals to the ICO, citing Section 36, which decides in his favour on the grounds that his personal data is now being used for a collective purpose (informing third parties) rather than for the singular domestic purpose to which he'd assented (playing a chess game)


Would this judgement apply also to the result of the game rather than the moves?

Presumably the result is also informing third parties ?

I suspect Leagues will need to tighten their T&Cs in a allowing a new person in a League :

"It is a condition of registration that a player allows his or her results to be recorded by the League for the purposes of informing third parties (i.e. anyone viewing the web site) and for collection by the League Grader and submission to the English Chess Federation (or whoever is the NGB at the time)."

is a suggestion for wording.

Post Reply