When I wrote a rough draft of the SCA Release Forms Handbook back in 2021, I incorporated a distinction reflecting practice here in the East Kingdom: participants’ modern names are considered personal information and must not be published by the Society without their explicit consent — the same rules that apply to their home address and other real-world contact details — but their Society names are considered “in-game” attributes and their publication doesn’t require any paperwork.
Following the release of the Handbook in 2023, folks from Drachenwald mentioned that their interpretation was different; under the European GDPR, Society names could be seen as “information relating to an identified or identifiable natural person,” and thus protected as personal data, which should not be published without consent.
I am not a lawyer, but this seems like a plausible reading of the law, and I haven’t been able to find any clear guidance one way or the other from reliable sources. (There are lots of articles about about GDPR and “pseudonyms,” but this is in the context of automated semi-anonymization of databases, and likely not applicable to the individually-chosen persona names used in the Society.)
I wrote to the SCA’s in-house counsel, and it sounds like they don’t have a clear answer either. It would be good if we could get this settled one way or the other…
[Postscript:] This restriction, if it exists, would not apply to random individuals posting about the weekend spent with their friends at an SCA event — the GDPR only applies to organizations. However, it would apply to all information published by the Society and its agents — which in practice means material posted or printed by officers in the course of their duties, both the individual volunteers who run the kingdoms and local branches, and the small number of people who run the non-profit parent organization.
From: Mathghamhain Ua Ruadháin
To: SCA Publications Manager
Cc: SCA In-House Counsel
Date: 24 November 2023
Hello,
The Release Forms Handbook states in paragraph VII.D.2 that SCA name are not considered personal information.
https://www.sca.org/wp-content/uploads/2023/02/Release-Forms-Handbook.pdf#page=12
I believe this is defensible under the laws of our North-American kingdoms, but may be incorrect in EU where the GDPR applies, as Society names are indeed “information relating to an identified or identifiable natural person.”
Was the handbook reviewed by an attorney familiar with overseas requirements, such that folks in Drachenwald can confidently rely on this guidance?
Thanks for everything that you do,
— Mathghamhain Ua Ruadháin
From: Mathghamhain Ua Ruadháin
To: SCA Publications Manager, SCA In-House Counsel
Cc: Society Web Minister, Society Chronicler
Date: 8 February 2024
Hello folks,
I haven’t heard back on this issue of concern to our overseas officers… Is this guidance reliable Society-wide, or should folks in Drachenwald seek local legal advice to be sure?
Thanks!
— Mathghamhain
From: SCA In-House Counsel
To: Mathghamhain Ua Ruadháin, SCA Publications Manager
Cc: Society Web Minister, Society Chronicler
Date: 9 February 2024
We have not been able to determine whether or not this issue was reviewed by attorneys familiar with the various laws applicable to Europe. We do believe that the Drachenwald laws for the society were crafted with the EU requirements in mind. Unfortunately, our best answer at this time is that modern law supersedes SCA law.