What changes for gambling companies with the EU Privacy Regulation?

The EU privacy regulation will force gambling operators and suppliers to a major change in their internal privacy compliance.

A new approach to privacy compliance

Based on my personal experience, privacy compliance has not traditionally been a priority for gambling operators and suppliers. This was also due to the fact that

  • operators and suppliers are usually based in countries that adopt a lighter approach to privacy compliance. But this is no longer going to happen with the EU General Data Protection Regulation (GDPR) which will entitle players to bring claims before the authority of their country of residence, rather than the country of establishment of the operator/supplier; and
  • fines were not frequent and their amount was in any case quite low. This is also going to change since – as covered in this blog postfines will be increased up to 4% of the global turnover of the breaching entity. And as mentioned above, such fines might be issued also by the data protection authority of the country where players – rather than the company – are based.

Players’ personalisations are at risk?

One of the main aspects that will be affected for gambling operators and suppliers is that the customisation and profiling of the gaming offering and marketing will require

  1. the prior express consent that shall be
    • separate from either the consent to the approval of the player agreement or the general consent to the privacy information notice; and
    • freely given and indeed bonuses/incentives awarded for marketing consents have been challenged by the Italian data protection authority in the past;
  2. the outline in the privacy information notice of all the modalities in which the collected data is used as well as the applicable legal basis, without the possibility to rely on a broad and generic wording;
  3. the performance of a “privacy impact assessment which shall have the features outlined in this blog post; and
  4. the implementation of a “privacy by design” approach in the setting up of the relevant technology.

Competitors might “steal” your customers due to the portability right?

The new privacy portability right risks to give a major advantage to new comers into the market. They might attract customers through bonuses and then encourage them to exercise their portability right. This would enable such competitors to perform a customised offering even in absence of prior trading history.

Precautions need to be put in place to limit the negative effects of such right. I covered them in this blog post, also after the issue of the guidelines by the Article 29 Working Party on the topic.

You need advice tailored on gambling companies

To get ready, gambling companies need to assess the GDPR’s impact on their organisation, taking into account their unique needs, the most frequent issues they encounter and the types of data processing activities they and their suppliers perform.

With more than 130 data protection lawyers worldwide and a deep knowledge of the gambling sector, DLA Piper’s Global Data Protection, Privacy and Security team is familiar with the most relevant aspects of the GDPR that can impact gambling companies.

We ran a webinar dedicated to gambling operators and suppliers with specific reference on the issues that they might face in relation to the adoption of the measures required by the EU Privacy Regulation. You can find the recording and the material of the webinar HERE and below is the presentation

Will you be ready by 25 May 2018?

Operators and suppliers now have until May 25, 2018 to ensure your data processing activities are in line with the newly adopted rules. It seems a long time, but the amount of work that has to be done is really considerable, especially for companies that never ran a privacy audit before.

On the topic, you may find interesting on the topic the following articles

#1 Which companies shall care about it?

#2 Will fines be really massive?

#3 Did you run a privacy impact assessment?

#4 New risks for gaming suppliers

#5 What changes with the one stop shop rule?

#6 How the new privacy data portability right impacts your industry

#7 What issues for Artificial Intelligence?

#8 How to get the best out of data?

#9 Are you able to monitor your gaming suppliers?

#10 What liabilities for the data protection officer?

#11 Are you able to handle a data breach?

#12 Privacy by design, how to do it?


Follow me on LinkedIn – Facebook Page – Twitter – TelegramYouTube  Google+

Don't miss our weekly insights

Show More

Giulio Coraggio

I am the head of the Italian Technology sector and the global head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our clients' success.

Related Articles

Back to top button