How Will the GDPR Impact on Casinos?

Posted by Harry Kane on Monday, February 26, 2018

Back in December, we wrote that four gambling operators had been found to have broken rules surrounding consumer privacy and protection. According to the Competition and Market Authority (CMA), these brands had applied “onerous and unfair” terms and conditions across various promotional offers, while also misusing data in a bid to target specific players.

This also created wider concerns about the use of data and the lack of clarity surrounding promotional offers in the modern age, and its fair to say that the majority of brands have responded well to the findings of the CMA.

With a new regulatory change looming in the form of the progressive GDPR, however, we ask how UK operators will be impacted in terms of data usage and the way in which they strive to engage their customers.

The Back-story – Companies Respond to the Claims of the CMA

When the initial report was released, the main focus was placed on the publication of unclear bonus terms that had the potential to mislead consumers and impact negatively on their experience. The biggest issue was the fact that vague restrictions were placed on accessing the money that players won through specific promotions, with withdrawals not permissible until a number of complex terms had been met.

More specifically, in some instances players were required to play for longer and place further wagers prior to accessing their winnings, creating a so-called trap that could ultimately cause them to lose their money.

After a brief period of consultation, gambling firms including William Hill, PT Entertainment and Ladbrokes have responded positively to the claims. They’ve also agreed to make fundamental changes to their online promotions and the way in which these are structured, in order to comply with the findings from regulatory bodies.

The changes, which are soon to be implemented industry-wide, will immediately make winnings accessible to players and simplify the rules surrounding the release of money garnered through promotional bets. As a result, gamblers will not need to play multiple times before qualifying and withdrawing their winnings, while any remaining restrictions must be made clearer to players before any agreement is entered into.

Any firms that are slow to adopt these measures or fail to do so at all will face significant sanctions, with the UK Gambling Commission (UKGC) increasingly keen on creating a more transparent and responsible experience for players.

The Introduction of the GDPR and What This Means for Operators

On a similar note, the CMA has also focused its efforts on safeguarding player data and privacy. This is a huge concern in the modern age, to the point where authorities have now confirmed that operators must not oblige players to participate in any kind of publicity or promotional activity.

This leads us onto the implementation of the General Data Protection Regulation (GDPR), which is a new EU directive that will come info force on 25th May and change the landscape for online casino operators across the length and breadth of the UK.

Since 1998, businesses and online casino brands in the UK have been required to comply with the terms of the Data Protection Act, which was developed following the initiation of the 1995 EU Data Protection Directive. This legislation has proved increasingly ineffective at safeguarding the needs of customers and businesses in the digital age, however, particularly has technology has continued to evolve at a considerable pace and created significant challenges in terms of cyber-security.

So, the EU has spent the best part of 4 years developing and refining updated legislation that is ultimately fit for purpose, while also enabling private businesses and casino brands to operate in a legal environment that is clear, transparent and ultimately easy to understand. Incredibly, the relatively simple practice of creating an upgraded and universally accessible data protection law has the potential to save firms within the EU an estimated €2.3 billion each year, which may in turn boost the profitability of companies throughout the private sector.

From the specific perspective of online casino operators, however, the implementation of progression GDPR legislation will afford everyday consumer far greater control of how their personal and most sensitive data is used. This is one of the fundamental reasons why the CMA have compelled operators to refrain from placing publicity obligations on players, as companies that indulge in such a practice under the terms of the GDPR could face huge sanctions from the EU and union regulators.

Given the shift towards liquidity sharing pacts in the online casino market, operators will need to work exceptionally hard to ensure that they successfully comply with the GDPR from May. After all, such agreements rely on the seamless sharing of customer data between multiple, real-time channels, but under new, GDPR legislation consumers will have a greater influence on how their information is used.

While large-scale agreements of this type have yet to be officially signed in the UK, even the the sharing of basic customer data between companies will be heavily influenced by the new legislation. With the UKGC also hopeful of entering into a progressive, liquidity sharing pact with American partners in the future, the GDPR will surely become increasingly impactful in the months ahead

Final Thoughts

Another interesting consideration is the utilisation of customer data to create profile and personalise bonus offers, as this has already caused concern among UK regulators. While this type of focused marketing is considered to be a core benefit of leveraging big data, it also has the potential to infringe new data laws and could well raise questions about the strategic targeting of vulnerable gamblers in 2018.

Given that the UK is set to leave the EU in March 2019, however, some may claim that the GDPR need not have a long-term impact on operators. The legislation will need to be enshrined in UK law when Britain finally departs from the union, however, before lawmakers decide whether or not to repeal this and implement its own, updated data protection laws.

Such a decision could cause further disruption among online operators, so this is something that regulators will need to approach with caution post-Brexit as they look to safeguard the needs of customers without restricting growth within the sector.