Online gaming hit by privacy exposé

The online gaming industry has been blasted for failing to protect gamblers’ privacy and shunning even the basic principles of data protection.
The claims follow a two-year study undertaken by Privacy International founder Simon Davies, which shows most companies hide behind the weaker laws offered by offshore tax havens.
The likes of Gibraltar, Malta, Jersey and Guernsey have much laxer regulations than European Union standards.
“This flourishing economic sector swims in an ocean of institutional illegality that places tens of millions of its customers at risk,” wrote Davies in a post on his new blog. He describes the “malpractice” in the sector as the worst he has seen in any licensed industry.
“There is a handful of online operators who, to some extent, make an effort at fairness and compliance. There are also examples of regulators who have attempted to do their job. By and large, though, the online gambling industry operates its personal information practices in lawless territory,” Davies said.
“The rights and protections that we should enjoy are being flouted by an industry that uses its unique economic positioning to confound regulators and induce small jurisdictions into submission.”
Globally, the online gambling industry is worth an estimated $135bn (£85bn) in revenue.
The problem, from a data protection point of view, says Davies, is that sites collect huge amounts of sensitive data about their users. “It is routine for sites to demand passport and credit card scans, drivers’ licences, utility bills and other personal documents. All the available evidence indicates that this information is stored permanently,” said Davies.
As a rule, however, companies do not delete this data when it is no longer required – contrary to the third and fifth principles of the Data Protection Act – preferring to keep it stored in case the gambler returns. “It is extremely difficult to close an online gambling account and, in my experience, impossible to have your data deleted.”
However, when Davies filed a complaint with the Information Commissioner’s Office (ICO) in the UK, the file was closed after three months. It claimed that the matter was not important and that the complaint did not warrant further action.
Davies concluded: “At the heart of the compliance problem identified here is the game of ‘pass the parcel’ between data protection regulators and gambling authorities. You could drive a starship through the security and privacy vagueness in the licence conditions, yet the mere existence of those vague conditions is enough to allow data protection authorities off the hook.”

Print Friendly