RYA SafeTrx Is Closing Down 31 December 2025

[ylop]

No, data can be used for other purposes if they are legal, and there is no legal barrier to keeping users informed about the system being closed in any law I’m aware of. GDPR explicitly allows it, for instance.
Whether it’s feasible is another matter as you rightly point out.

The ICO doesn’t agree with you: Principle (b): Purpose limitation

Now it may be that the original purpose already covered informing users about the planned future/end of the service or something close enough to it to be “compatible with the original purpose”, and indeed it would be unusual if they collected email addresses and didn’t use them to tell you about stuff like this, but as a general rule an organisation can’t gather data for one purpose and then use it for another purpose.

By the way I just had a skim through the privacy notice - I don’t think it explicitly says they will collect your email address anywhere! Weirdly it says they will send you stuff but not how! I suspect like most Privacy Notices it was created because they have to, rather than because they wanted to. And this will be an awkward one - it’s the RYA’s notice but they are just white labelling someone else’s product so the RYA actually don’t have much say in how it works.

 

[dunedin]

My point was it’s an existing and working system. Continually spending millions reinventing wheels is bankrupting the country, I was just saying we have better things to spent that money on than more consultancy.

But the data model would be VERY different, with minimal overlap. Plus very different security demands. So probably more expensive to adapt / extend ePCR than commisdion a new front end. IMHO

 

[lustyd]

The sPCR system works well for vessels with a single owner. It's barely usable for a club without breaching GDPR.

How so? Does it prevent adding the same boat in two accounts?

 

[lustyd]

The ICO doesn’t agree with you

Legitimate interest is always implied when collecting data, so actually they do agree. In this instance, informing people that the platform is closing is a legitimate interest, and one required by GDPR to inform users of what will happen to their data afterwards.

 

[lustyd]

But the data model would be VERY different, with minimal overlap. Plus very different security demands. So probably more expensive to adapt / extend ePCR than commisdion a new front end. IMHO

You're probably right that security demands would kill it. I don't think the model or interface would be drastically different, but if we slide into a central registration database that's not desirable at all.
I've done enough of this stuff to know that the consultancies will ensure it's expensive either way, and that the CG person signing it off will be given a well paid management role within a year of completion (just long enough to satisfy conflict of interest clauses usually).

 

[st599]

How so? Does it prevent adding the same boat in two accounts?

It tries to, requiring the previous person to use the boat to log in to their account and acknowledge the change. They did suggest having a single account for a club, but then you're sharing stored personal information with people who don't need access.

 

[ylop]

lustyd - this wasn't meant to be a GDPR debate (I have no grip with them using a legitimate interest basis to tell users - although legit interests are never automatic or implied). I was simply pointing out that if we haven't had comms from the RYA directly it *might* be because we have asked not to get them! FWIW - I'm surprised they are just transferring the data to HMCG without direct comms to the data subjects and wonder if the DPO's on each side are even aware.

 

[lustyd]

legit interests are never automatic or implied).

Legitimate interests are always implied. I’ve never seen anyone set these out explicitly and there isn’t a need to do so. If you give a business your information it’s expected they’ll use that to carry out the business you have with them and any further requirements they have as a result. It’s also assumed that they will keep that data to comply with regulations whether you request deletion or not, none of this needs to be spelled out.

 

[ylop]

Legitimate interests are always implied. I’ve never seen anyone set these out explicitly and there isn’t a need to do so. If you give a business your information it’s expected they’ll use that to carry out the business you have with them and any further requirements they have as a result. It’s also assumed that they will keep that data to comply with regulations whether you request deletion or not, none of this needs to be spelled out.

You'd better contact the ICO and tell them they have it wrong then! Keeping data to comply with regulations is not legitimate interest processing it is legal obligation processing.

 

[lustyd]

You'd better contact the ICO and tell them they have it wrong then! Keeping data to comply with regulations is not legitimate interest processing it is legal obligation processing.

I’ve submitted issues in the past. There was an issue after Brexit where for two years it was illegal for UK companies to store data in the UK. That led to a change in the law. Not many people noticed that.

Their guidance isn’t wrong here, just too much being read into it.

 

[Boathook]

Both the RYA and MCGA have quite publicly announced this via social media. Its a little surprising no email to registerred users - but without reading the entire privacy notice in detail they may not have permission (or we individually may not have given permission) for such messages.

You accepted an End User License Agreement which gave them the right to terminate immediately. Given it is a free product that is totally normal.

The RYA social media people have replied to other people today and it seems a factor in the decision is the producers of Safetrx have undergone a change of ownership and want people to use a paid product!

I don't look at rya and mcga through social media, but rely upon emails from them. I haven't noticed it in any email from the rya and they could target members as I have ticked various boxes that I sail a boat, dont race, do local and cross channel, etc.
I think that the last email from mcga was about the closure of the cg66

 

[Lucky Duck]

I logged my boat’s details on the website as a CG66 replacement, is this staying?

A few years back I was invited to validate the information but I think that is the one and only communication received

 

[RunAgroundHard]

I logged my boat’s details on the website as a CG66 replacement, is this staying?

A few years back I was invited to validate the information but I think that is the one and only communication received

From the link in Post 1. The article does not say what they will do with the data. I have deleted my SafeTrx account and all associated data. The Government database with my PLB and EPIRB has all the data that is needed to help with search and rescue.

The RYA and HM Coastguard are working together to ensure that the data originally provided to RYA SafeTrx will be transferred to a secure database within HM Coastguard. Users that do not want their data to be transferred to HM Coastguard are asked to delete their account prior to the service closing on 31 December 2025.

 

[lustyd]

The Government database with my PLB and EPIRB has all the data that is needed to help with search and rescue.

Good point but do CG look at that without activation?

 

[RunAgroundHard]

Good point but do CG look at that without activation?

I don't know. They might use all available data sources when receiving a distress message to cross check. It would make sense if they did.

 

[dunedin]

Good point but do CG look at that without activation?

Yes I wondered about that (the potential synergy / overlap with Ofcom EPIRB / PLB database). However, in coastal cruising in an emergency most will hit the red DSC button - which sends MMSI.
I wonder if the MCA would
(a) have any easy way to find contact details from the Ofcom database using MMSI only, particularly when a PLB is not generally linked to a single boat;
(b) go to the trouble to search if there is an Ofcom registration, as not all boats with MMSI will have a beacon.
Clearly a different process if the distress is initiated by the beacon.

 

[RunAgroundHard]

Well the mayday call was changed to include Call Sign and MMSI in the verbal part, of course as a cross check with the DSC alert, hence it might not be such a big deal to access databases.

 

[seeSimon]

You'll be saving £59 on membership because you didn't get a response to an email about a perceived bug in a free product they made available to non-members FOC, which is not actually made by the RYA just badged for them?

The RYA SAFETRAX system was touted by both the RYA, and the responsible UK Government authority, the MCA, as an essential safety system for all water users.

Even late this season HMCG operations rooms were (fairly f9rcefully) directing users at sea to use only SAFETRAX. See my prev post reference above).

As a result of it's introduction, other pre existing HMCG safety systems were "withdrawn".
(Don't forget, HMCG long-since gave up their dedicated heed set watch on Ch 16.)

Public/members Money/time was spent, money was perhaps "saved"? Doubtless, many meetings were held...

It's not some sort of bingo/gaming /shopping app, so why do you continue to excuse it as such?
Apparently, even as a registered user (aka "stakeholder??) I was supposed to learn of its demise only via "social media"?
This doesn't reinforce my faith in their abilities to actually use effectively the data they already hold.

Who then is responsible for this fiasco?

What will replace it? When?

Looks like I need to invest, perhaps in AIS? A a statutory mandated system it will be harder for them to ignore this?
However this will not be possible for many at-risk water users, who might previously relied on systems that have been haphazardly implemented, and then quietly abandoned.

 

[Boathook]

Just going through and deleting unwanted emails and found one from rya safetrax from 29th October 2025 asking me to confirm details and or delete account.

Some of the text is below -

IMPORTANT INFORMATION ABOUT YOUR RYA SAFETRX ACCOUNT

In 2018, HM Coastguard approved RYA SafeTrx (https://www.rya.org.uk/knowledge/safety/keep-in-touch/safetrx) as the replacement for its voluntary safety information scheme, better known as CG66, because it was no longer reliable for search and rescue. The data from CG66 was not transferred to the RYA SafeTrx database and boaters were invited to enter their details using either the RYA SafeTrx website or the RYA SafeTrx App.

Since then, we are aware that there are a significant number of user accounts that have never been logged into since their users created them. It's vital that we maintain the integrity of the database and that the information held is accurate and reliable for search and rescue.

To achieve this we need your help. We are now contacting everyone who has an account but has not accessed it for two years or more to ask them to confirm that they still require their RYA SafeTrx account or, if no longer needed, to delete it. The process is simple and should only take a minute or two to complete, see guide below.

What to do if you want to keep your RYA SafeTrx account details If you still want to keep your account and personal details, either log into the RYA SafeTrx App or go directly to https://safetrx.rya.org.uk You need do nothing else other than log on, but it might be a good time to check your personal data and your emergency contacts.

What to do if you no longer want to keep your RYA SafeTrx account details If you choose to do nothing, we will automatically close your account on 28-12-2025. If you wish to delete your details before this date, you can either:
· Log on to the RYA SafeTrx App, from the sidebar menu, choose 'My Profile', then 'Delete Account' you will be asked to enter your password.
· Log on to https://safetrx.rya.org.uk, choose 'Account details', scroll down the page and select 'Delete account'.

What happens to my personal details after it my account is closed?
If your account is closed, your personal details will be deleted from the RYA SafeTrx database. However, you can create a new account at any time you wish.


To my mind this is a rapid change by the rya / mcga. Whether it was bought about by so many people deleting accounts only the rya / mcga / safetrx would possibly know.

 

[Mark-1]

The RYA SAFETRAX system was touted by both the RYA, and the responsible UK Government authority, the MCA, as an essential safety system for all water users.

It's kind of comedic that it went from essential to completely unavailable without every going through a period where it was "Vaguely useful, use it of you want.".

I've never heard a CG in an emergency say "Ahh, yes, we've found your photo on CG66/SafeTrx so we know what you look like.". Maybe they used it, but I have my doubts.