An IP address isn't very useful for these purposes as any site ends up with a lot of false positives over time with that method.
Additionally it is relatively simple to run through a proxy. IPv4 addresses are also reallocated every 24 hours or so.
I do wonder how the Data Protect Act would apply to a mathematically one-way hash.
From what I read, it seems to only apply if the processing of personal information was done server-side, by the service provider (lichess for example), if that were the case then they would become a data controller and be subject to the Act.
If the one-way hash is generated and processed by the user as a requirement to create a new account and the Terms of Use agreement has the proper sections, its unclear.
Additionally since a proper one-way hash of a suitable digest size is randomized data its also unclear whether it would still be considered personal data.
Kinda a murky area, but online cheating is only getting worse as time goes by.
The World of Warcraft Warden (Blizzard)
http://www.gamesindustry.biz/articles/spies-like-us-the-law-and-blizzards-warden.
Standard Disclaimer:
I'm not a lawyer, just an interested individual. Posts and comments made by me should in no way be considered or substituted for legal advice. </end Disclaimer>