European Gaming News
Gambling Affiliates’ Guide to GDPR
Reading Time: 7 minutes
As of the 25th May 2018, the GDPR comes into effect, and its influence will be felt across virtually every industry imaginable where data is being collected and used on individuals located in the EU. Its overall aim is to ensure better protection of consumers’ information, both online and offline, by enforcing regulations on how data is collected, processed and secured.
What is GDPR?
GDPR stands for General Data Protection Regulation. It’s the result of over 6 years of preparation and consultation over data privacy concerns for EU consumers. The way in which data is collected and used today is profoundly different to how it was a decade ago. According to a report published in 2016 by IBM, “90 percent of the world’s data had been created in the last 12 months” and “many data analysts are suggesting the digital
universe will be 40 times bigger by 2020”.
Prior to GDPR, the ‘Data Protection Directive 95/46/EC’ attempted to harmonise the practices of EU member states in terms of their approach to data privacy. Directive 95/46/EC built on the ‘Guidelines on the Protection of Privacy and Transborder Flows of Personal Data’ first published in 1980, which was acknowledged by both the European Union and the United States, as a way to protect personal data and individuals’ privacy.
These guidelines still form the basis for the GDPR, but as they and Directive 95/46/EC were merely guidelines and directives, a more stringent and consistent approach was required to “protect the fundamental rights of individuals throughout future waves of innovation”.
The GDPR not only unifies the approach to data privacy across the EU, it also regulates it, meaning it is enforceable by law, and in turn carries penalties of up to 4% of annual turnover, or €20 million, whichever is the greater.
Pinch yourself all you like, this is happening affiliates, and failure to act now is nothing short of corporate suicide..!
Consent
The main way in which the GDPR aims to protect data subjects (individuals), is through consent. Data subjects must be made aware of the data being collected on them, why it is being collected, what will be done with it, and how long it will be retained for.
Personal Data
The most important thing for affiliates to realise is what Personal Data includes. It doesn’t stop at names, email addresses and phone numbers; it extends to social media posts, IP addresses, and even information stored in tracking cookies.
The GDPR defines it as..
“any information relating to an identified or identifiable natural person”
And importantly..
“an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The use of the words ‘directly or indirectly’ is important here. Just because a person’s name and address isn’t stored in a cookie, it doesn’t mean that the information in that cookie can’t be used to identify them. Cookies used by ad networks are able to track an individual from one site to the next, extremely well. In fact, they can potentially track a user across millions of websites.
Not only must you pay attention to any data you are collecting directly from individuals, such as name, phone number, email address; you must also think about what tracking codes and analytics software you have installed on your websites, which are used to build a ‘profile’ of someone, usually for advertising purposes.
Standard analytics code doesn’t track users across websites, so providing you don’t have any advertising features enabled in your Google Analytics (or other) code, then you won’t necessarily need to obtain consent before setting those cookies. Anything more will require clear and concise consent from your visitors though, ensuring the request for consent includes what, why, and how that data is being collected and used.
Informed Choice
The ‘Cookie Law’ introduced in 2011 (yes, it’s been 7 years!) targeted the usage of non-essential cookies i.e. those not entirely necessary for the basic functionality of a website. However, it didn’t offer users much control or choice.
The GDPR aims to change this in that users should be given a choice as to whether or not they agree to non-essential cookies being stored on their computer/browser. Now, accepting that cookies used by standard analytics software aren’t essential, and that they don’t contain ‘personal data’, then where does that leave us? Well, the answer lies in transparency. So long as you are clear in your ‘request for consent’ that the cookies used in your analytics software don’t collect identifiable data, nor are they shared across websites, then you should be fine. Otherwise, if they do (i.e. you have advertising features enabled), you must obtain consent from each and every visitor before setting those cookies.
Newsletter Subscriptions & Accounts
Similarly, if you have a newsletter subscription or account creation feature on your website, then you must obtain consent from users before you can collect their data. Common practice has usually been to present a “Send me occasional news by email” or “I agree to the website T&Cs” checkbox to users. This practice is now imperative, and furthermore, the declaration should be a request for consent, and should point to your Privacy Policy (it can’t be hidden in your T&Cs) which contains the full ‘request for consent’ in a clear and intelligible form, remembering to detail the what, why’s and how’s.
And whatever you do, don’t pre-tick the checkbox, or have any kind of “opt-out” option. Consent must be definitive, and unambiguous, and a timestamp of when that consent was obtained, and what the user was consenting to, must be recorded for audit purposes.
If your current privacy policy doesn’t satisfy the conditions of the GDPR, then you will need to obtain additional consent from your existing users or subscriber base.
In addition, “it must be as easy to withdraw consent as it is to give it”. Users must be offered an option to unsubscribe in all communications, or delete their account on your platform.
Think about what data you’re collecting, and whether you really need to. Obtaining consent to collect that data may present more risks than what it’s worth. Additionally, if you later decide to start collecting more data than is detailed in your original privacy policy (or the terms of your privacy policy change), then you will need to obtain additional consent to the updated privacy policy.
Affiliate Tracking Codes
Affiliate tracking cookies are fundamental to online gambling affiliates. Most affiliates are unlikely to want to offer users the ability to disable their tracking codes, and strictly speaking, as the cookies do not (shouldn’t) contain identifiable data that is shared between websites, then it might not be necessary.
However, affiliates should still be crystal clear about what cookies may be set as a result of clicking links on their site, why they’re being set, and how they’re being used. It would also be prudent to offer advice about how users can block these kinds of cookies, for those who choose not to have them set.
Data Subject Rights
The GDPR also empowers individuals with control over their data, as well as outlines a number of responsibilities organisations must adhere to in order to fulfil individuals’ rights to access and control the data held on them.
Affiliates must be aware of their responsibilities, and put plans in place to be able to handle those responsibilities:-
Right to Access
Data subjects have the right to know what data is held on them, and how it is being used. They also have the right to request access to that data, which must be delivered to them with 1 month of the the request, in a standard electronic format, free of charge, such that they can transmit that data to another data controller (organisation) should they wish to (Data Portability).
Right To Be Forgotten
Data subjects will also have the right to be forgotten and have any data held on them deleted. Such data will include their personal information, as well as any data which could lead to them being identified, directly or indirectly. If you have implemented any tracking solutions which create a link between the data you hold, and data stored in third party software, then that link will also need to be deleted, and potentially the data stored in the third party software.
Privacy by Design & Security
The GDPR will enforce strict penalties on organisations that have failed to invest appropriate resources into securing their systems, and preventing access of data to unauthorised persons, both online and offline…
“The controller shall..implement appropriate technical and organisational measures..in an effective way..in order to meet the requirements of this Regulation and protect the rights of data subjects”.
Affiliates should ensure that any data they collect and process has been secured from the outset. If freelancers, designers or content writers have access to data unnecessarily, then it should be restricted. Similarly, any physical data should be locked safely away to prevent unauthorised access, and any new systems or website features should be designed with data privacy in mind.
Thought should also be given to data that can be encrypted – it may no longer be acceptable to only encrypt passwords.
Breach Notification
Organisations will be required to notify their appropriate Data Protection Authority within 72 hours of a data breach, where that breach is likely to “result in a risk for the rights and freedoms of individuals”. The gambling industry carries many negative connotations – most individuals probably wouldn’t want their identity associated with a gambling-related website, and so any data breach in this industry is likely to fall into the above category.
Data Protection Officers
Organisations who deal with large scale data processing or ‘special’ categories of data will be required to appoint a Data Protection Officer. Whilst this might not apply to most affiliates, they must understand their responsibilities as data controllers (and/or processors) to ensure the safety and security of data they hold, and ensure it isn’t shared or otherwise fall into the wrong hands. They should keep appropriate internal records, and ensure that their records are auditable.
This article contains general information for affiliates to make their own informed decisions about the upcoming GDPR. You must not rely on the information in this article as an alternative to professional legal advice. The article has been contributed by Pavlos Sideris of Cashbacker – the leading gambling cashback community.
Source: European Gaming News
European Gaming News
Could the Gambling Commission ban wagering requirements?
Wagering requirements; whether you love them or hate them, with the Gambling Review well underway, there’s never been a better time to debate if they still have a place in modern gambling and whether the upcoming review will ban them once and for all. But first, let’s look at their development and why they are a contentious issue in the industry.
What are wagering requirements?
Wagering requirements are a common term and condition attached to a bonus that prevents players from taking a promotion and withdrawing it immediately. They are applied differently by each gambling brand. Some, like PlayOJO, Paddy Power, MrQ and Betfair, have revolutionised the casino scene by offering no wagering bonuses. In contrast, others take the predatory route and list bonuses with up to 100x requirements (the average is around 30x).
The requirement is the amount a player must wager at the casino before any winnings made with a bonus are valid for withdrawal. In the case of a £100 bonus, a 30x requirement would mean a player must wager a total of 100×30=£3,000 before they could withdraw any winnings. Most players would easily decimate their winnings before fulfilling the condition and, as most bonuses expire within 7-14 days, may well be forced to play for periods, or at times, they otherwise might not.
Why do wagering requirements exist?
In the early days of online casinos, bonus hunting among players became widely popular. It led to forums where players shared information on where and how to profit from the best welcome bonuses, earning money from the available offers available and never playing at a site again.
As casinos began to notice players taking bonuses and withdrawing without using them fairly, they combatted the practice with wagering requirements and other terms, such as the ability to withdraw a bonus and any winnings made if an account was suspect of this activity.
However, with no limits or official licensing rules to regulate wagering requirements at that time, things soon got out of hand as operators set high limits that were and still are unattainable to most players. Additionally, in many cases, the terms and conditions were not clearly displayed or explained, leading to the confiscation of bonuses and winnings without players understanding how or why they’d fallen foul of the casino’s rules.
Wagering requirements under fire with UKGC
By 2014, and following a flood of player complaints, the Gambling Commission weighed in, creating the Gambling (Licensing and Advertising) Act which prescribed operators were to advertise their bonus terms and conditions clearly and explain them to players. This led to some reducing their requirements to more feasible levels. However, not all operators followed suit, hence why we’re still discussing wagering requirements today.
More recently, in February 2022, the UKGC set its sights on reforming wagering requirements again, issuing new guidance regarding fair and transparent terms and practices, which acknowledged that wagering requirements could lead to excessive play, not in line with social responsibility rules for operators.
The new guidance rules cited that licensees used potentially unfair terms, with examples including:
- “terms that allow licensees to confiscate customers’ un-staked deposits
- terms regarding treatment of customers’ funds where a licensee believes there has been illegal, irregular or fraudulent play
- promotions for online games that have terms entitling a licensee to void real money winnings if a customer inadvertently breaks staking rules
- terms that unfairly permit licensees to reduce potential winnings on open bets.”
It also stated that the Commission was aware of:
- “terms and conditions that are difficult to understand
- welcome bonus offers and wagering requirements which may encourage excessive play.”
While the guidance did not contain rules for abolishing or limiting wagering requirements, they instructed licensees to review their terms and conditions to ensure they fit consumer protection laws and that; “The LCCP requires rewards and bonuses to be constructed in a way that is socially responsible. Although it is common practice to attach terms and conditions to bonus offers, the Commission does not expect conditions, such as wagering requirements, to encourage excessive play.”
Will wagering requirements be banned?
With the Gambling Review white paper currently overdue and keenly expected by all industry stakeholders, many wonder if it will cover wagering requirements or, more specifically, exclude them from casino practice. The Gambling Review aims to update the 2005 Gambling Act, fit for the modern age, and wagering requirements would undoubtedly slot into the remit of what’s being discussed, which includes greater player protections and affordability checks.
While it’s clear that some big-name operators and affiliates like No Wagering are pioneering the way in bringing zero wagering bonuses to players, many sites have not followed suit. This is despite clear evidence that players favour fairer bonuses (PlayOJO is one of 39 brands operated by the same parent company, it is the only one with zero requirements, and it’s the most successful of all, according to the company).
Realistically, we’re not sure that the new gambling regulations will ban wagering requirements completely (as we covered earlier, they do exist for a reason), but it certainly wouldn’t be beyond the imagination for there to be a maximum cap applied in the view that excessive requirements equate to excessive play.
What’s next for operators and bonuses if wagering requirements are banned?
Bonuses are one of the most important factors for players in picking between casino sites, and they make players feel lucky to score something for free straight off the bat (even if the wagering requirements mean this is not really the case).
If wagering requirements are banned, operators unwilling to offer bonuses without wagering requirements will have to return to the drawing board and reimagine rewards, especially welcome offers. Alternatively, they could begin competing based on other USPs, such as focusing more on the casino product to pull in the punters by offering unique games, making space for indie developers, having instant withdrawals, or gamified loyalty benefits and better loyalty clubs.
Moreover, it would present a fantastic opportunity for remote operators to move away from the tired system of matched deposit bonuses towards more exciting and fresher ideas like promo wheel spins, mystery gifts on first deposits, prize draws and so on. With brands including PlayOJO, Paddy Power, MrQ and Betfair already doing this, operators do not lack a blueprint to success, just the gumption to embrace a new model.
Bulgaria
Betway Bulgaria officially launches, offers live and bet-builder options
Another company has officially launched its activities in the growing niche of online betting in Bulgaria. But here we are not just talking about another operator licensed by national institutions, but about a leading brand worldwide. Betway is one of the largest bookmakers in Europe and globally, and the fact that it already offers its services in Bulgaria speaks positively about the development of the gambling business in the country.
Indications of an increase in the size of the industry appeared last year, when several operators received a permit to operate under Bulgarian jurisdiction. It is unlikely that this process will end with the official launch of betway bulgaria, rather the brand entering the country can be perceived by international operators as a positive assessment of the market in Bulgaria. What can we find at Betway besides the obvious – increased competition and of course more choice for consumers?
What do we find in the sports section?
Sports betting – this is the leading sector of the company, which started operations in 2006. The brand is associated with a number of teams in Europe such as Tottenham, Atletico Madrid, Leicester, Alaves, Belenenses, Werder, etc. Of course, the top championships in Europe are present in the latest betting platform, but that’s not all. Betway offers the opportunity to make predictions at less popular UEFA championships. The fans of the Bulgarian championship have options too. All matches of the First League are present in the bookmaker’s menu, and are offered with dozens of choices for each of them.
Real-time bets and long-term combinations
Live bets are a big thrill for many players. This option is present at Betway, and this also applies to the mobile version, of course. It is not difficult to detect current events – they come first when loading the platform. And with them the bookmaker really comes up with interesting offers, some of which are rare on the Bulgarian market. The outcome of the bets become clear in literally seconds if the next goal market or one of the performance options is selected.
In addition, the company accepts predictions with a much longer horizon. It is now standard to bet on who will be the champion in England, Spain, Italy or Germany. However, there are also specific markets and selections for certain teams – will Barcelona take the trophy this season, will Liverpool reach the final in at least one of the tournaments in which it participates, etc. And if users don’t find what they’re looking for in these offers, they can always turn to the betting menu. The bet-builder is still limited to one match, from which we can choose two or more selections until the desired odds are formed. This is the most appropriate way to optimize the bet according to personal preferences and therefore it is increasingly preferred by the players.
Betway’s first steps on the Bulgarian market are impressive. And this is just the beginning, we can expect even more in the near future.
European Gaming News
EveryMatrix inks RGS Matrix agreement with Wild Boars
EveryMatrix announces the second RGS Matrix partnership with Wild Boars, newly launched gaming studio that aims to bring creative storytelling and a fresh feel to the gaming industry.
Launched in 2019 as EveryMatrix sixth standalone solution, RGS Matrix enables gaming development teams to distribute, manage, and report upon a proprietary game product portfolio.
This ‘out of the box’ remote gaming server was built on an open architecture and caters for outstanding player experience, consistent deployment, and quicker content integration.
Mathias Larsson, Managing Director of RGS Matrix, says: “This is our second RGS Matrix agreement and it brings me a lot of joy to know that our solution starts gaining momentum in the market. Our remote gaming server aims to help the new generation of game builders by providing all the means to create, design, distribute and manage games.
“The team of Wild Boars is experienced, skilled and highly creative. I am looking forward to seeing their games live and appreciated by players in many countries.”
Oleksandr Yermolaiev, Managing Director of Wild Boars, comments: “We truly believe that choosing a right partner is crucial for success. For us, RGS Matrix and its remarkable team is just that partner. We are excited to use EveryMatrix solution, focus on what we do best and bring our innovative games to a wide range of operators, territories and players. RGS Matrix is dashing ahead and we are happy to join the ride.”
RGS Matrix powers slots and table games, and is currently certified for Malta, Latvia, Lithuania, Estonia, Sweden, Spain, Denmark, Romania, and Colombia, with many jurisdictions to come in the upcoming years.
-
Latest News3 months ago
MIRACL partners with Continent 8 to offer its single-step passwordless MFA solution to simplify the login experience
-
Latest News3 months ago
ACR Poker’s OSS XL Exceeds Guarantee With Over $46 Million In Prize Pools
-
Latest News3 months ago
Match of LeGGends: Double Down. Highlights of the show match between NAVI and Team Vitality
-
Latest News3 months ago
FBMDS and FBM Foundation host solidarity keepy-uppy initiative at G2E Las Vegas 2024
-
Latest News3 months ago
NEW HORIZONS FOR ZETTAONLINE AFTER SBC SUMMIT
-
Latest News3 months ago
1spin4win joins forces with SoftGamings to bring classic slots to new markets
-
Latest News3 months ago
Paysafe launches strategic partnership with GiG
-
Latest News2 months ago
How Slot Gamers Shape Storylines Through Interactive Choices
You must be logged in to post a comment Login