Data overload

Texas

James Ashton, online affiliate expert and head of content at FindMyUKCasino.com, asks if the data gathered and held by online organisations is excessive. 

Data is one of the most valuable commodities in the world and this is certainly the case for online gambling operators. These organisations gather, analyse, act upon and store huge volumes of information about the players that interact with their brands and products. 

There are several reasons why these companies collect and use data. In some cases they are required to do so by regulators and lawmakers in the markets they operate in, and in other cases it is because they can use this data to acquire and retain customers.  

This puts the data they gather into two clear categories – information they must collect and store and information they choose to collect and store. There is nothing wrong with this, of course, but some are questioning whether the data being gathered by these operators is becoming excessive. 

To decide, it is important to look what type of data is being collected, why that data is being collected and how that data is being used. Let’s take a closer look at the two main types of information online gambling companies gather. 

The first is personal information and this is used to identify the player. This includes their first name, second name, email address, telephone number and date of birth. Financial information such as debit card numbers is also required for the player to make a deposit. 

Online gambling organisations in the UK are required to obtain this information by the Gambling Commission as part of the process they must go through to verify the player’s identification and to prevent underage play or play from those that have chosen to self-exclude.

Financial information is required as part of payment processing and also to prevent money-laundering and fraud. In most cases, the player will provide this information when they create an account at an online gambling site. 

The second type of data gathered is non-personal information and includes things like aggregated usage data and technical information sent from the device the player is using to access the site. This includes browser/operating system, language, time of access and previous site visited. 

Operators are not required to gather and analyse this information by the UK Gambling Commission. They are gathering it because they want to and because they can use it, alongside personal information, for activities such as marketing, product development and complaint resolution. 

This is legally fine so long as online gambling organisations – and other businesses that collect, analyse and act upon in the same and similar ways – can prove under the Data Protection Act 2018 that they are doing so lawfully. 

There are six lawful bases for companies to gather consumer data. In most cases, online gambling brands say they are doing so in order to implement a contract with the individual – the player opening an account with the operator. 

But the Gambling Commission also requires operators to do all they can to track, monitor and prevent problem gambling among players. To do this, they must gather, analyse and act upon behavioural and usage data and this is where potential problems can come in. 

While operators will undoubtedly have obtained user consent (one of the six bases for data collection) to gather this information, data protection specialist Scott Dixon believes that at first glance this could be seen to be excessive. He also raises concerns about the use of Cookies. 

Currently many companies – including online gambling organisations – are using consent as the lawful basis to collect and process personal information. But Dixon suggests this consent does not meet the requirements of data protection legislation and could therefore be unlawful.

This is something that data regulators are discussing at the moment and will undoubtedly lead to changes to Cookies and consent in the near future. But it could be argued that businesses should be doing more now to ensure they are behaving responsibly when it comes to data. 

In most cases, online gambling organisations are gathering, using and storing data within the guidelines set but it could be argued that in some cases what they are doing is excessive and the reasons for collecting this information are more about marketing and product development. 

This data is obviously of high value and like other businesses is critical when it comes to ensuring they continue to attract new customers while also retaining and reactivating those already engaged and signed-up with their brands and sites. 

This in itself is fine so long as they do have consent, but I would argue organisations should be much clearer with customers about the data they are gathering, why they are gathering data and under what basis their personal and non-personal information is being collected and used. 

Sure, this information can and should be available in the company’s privacy policy but in most cases these documents are incredibly difficult to read and understand. In my opinion, this is not taking a responsible approach to data and ultimately prevents consumers being able to properly consent. 

So yes, the information being gathered, analysed and stored is in some cases borderline excessive, but more worryingly is the reluctance of companies both in and out of the gambling sector to be open and honest with consumers about data. 

Those that are really committed to operating responsibly and transparently should look to change their approach to data now as ultimately, they will likely be required to do so by law. But by doing the right thing now, they will be able to foster greater trust and respect among consumers. 


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.