General Data Protection Regulation (GDPR)

This is a forum for discussing privacy abuse. Some bookmakers secretly use insidious tracking techniques on computers and smartphones. The one product most talked about is 'iesnare', which is never specifically mentioned in terms and conditions, but there are plenty of other privacy abuses you may not be happy with. Let everyone know.
flook
Supporter
Posts: 10
Joined: Mon Jul 16, 2018 4:32 pm

Re: General Data Protection Regulation (GDPR)

Post by flook » Thu Aug 23, 2018 1:58 pm

Utter cop out from the ICO

I am writing in regards to your data protection concerns with Ladbrokes.

In my previous response to you I stated that we has written to the organisation asking for their perspective on the matter regarding third parties.

The Information Commissioner’s Office is satisfied with the organisations response. If you require a list of the categories of organisations that your data may have been released to, you may get in touch with the organisation, who will deal with your complaint accordingly.

As your account with Ladbrokes has been removed, you are now aware of their retention policy and if you require further information regarding third parties, the organisation will handle this request, there is nothing further that we can do on this occasion.

We will keep your concern raised on file, so that over time we can work to build up a picture of Ladbrokes information rights practices.

Thank you for bringing this matter to our attention

Jimmy Justice
Site Admin
Posts: 630
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Fri Aug 24, 2018 7:50 am

Agreed. The ICO doesn't understand or worse, chooses not to understand, how Ladbrokes and others use data in ways they don't explain to their customers, which is an offence the ICO should be dealing with, but they don't.

Our meeting with them is now only 6-days away; it's going to be lively!

JJ

dobie2089
Supporter
Posts: 10
Joined: Fri Jul 20, 2018 12:49 am

Re: General Data Protection Regulation (GDPR)

Post by dobie2089 » Thu Sep 06, 2018 8:18 am

Hi ,
Just wondered what the outcome of the meeting was , with regards to erasure and gdpr ?

Jimmy Justice
Site Admin
Posts: 630
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Thu Sep 06, 2018 9:36 am

I'm writing a piece for the website, but it will take a short while as we're getting written confirmation on a number of things that were said in the meeting, so I don't make any mistakes.

Very briefly; the ICO admitted that gambling companies were breaching differing parts of privacy law frequently. They also said they'd had meetings with industry representatives already including Iovation, because they are concerned about what is happening and they need to remind the industry in general of its responsibilities. The piece will mention what consumers can do to take these informal warnings from 'informal' to a proper investigation and hopefully action, including sanctions.

I will post a link on here when the meeting report is published.

Thanks for your interest.

JJ

BearHawk
Supporter
Posts: 1
Joined: Wed Mar 13, 2019 7:31 pm

Re: General Data Protection Regulation (GDPR)

Post by BearHawk » Thu Mar 14, 2019 9:58 am

Hi all

Just wanted to post my two cents

I’ve been gubbed by several online bookmakers including SkyBet, Betway and PaddyPower who’ve banned me from promotions, BOG and limited my stakes to low winnings. BetVictor have banned me from one sport in particular. A lot of bans and limits came about at roughly the same time.

I fired off an SAR to one of them to see what they held on me.

They data dumped me with hundreds of pages with hundreds of lines of all bets I made, IP addresses when logging on, all emails I sent to them and all withdrawals/deposits.

They didn’t include any emails or meeting minutes discussing me, my account or the reasons and decisions made to limit my winnings.

I’ve asked them for this, but hold no hope.

Cheers
BearHawk

Jimmy Justice
Site Admin
Posts: 630
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Fri Mar 15, 2019 9:19 am

Hi,

Thank you for your post.

Under GDPR, legally these companies have to provide you with everything they hold about you.

As you know traders will have made their decisions based on some sort of process. They will tell you due to their T&Cs that they don't have tell you the exact reason/s for restricting you, which is true, but under GDPR they DO have to tell you what process was used and if relevant what you were rated against and how you scored. If they say they didn't use a process involving a human, i.e. fully automated, that's good news, because it's illegal and you could take action against them.

I would also suggest very strongly that one or more of the companies will hold Iovation and/or Threatmetrix data about you. They have to provide this data as well, but will likely fight not to. This data will contain details about your suspected betting activity, e.g. arber, account restriction, etc. This data is shared between gambling companies who subscribe to these products. It relates to your e-devices, not you personally, although it is easy to link an e-device to a person.

I hope this helps and do not give up until you've got everything you want. Companies regularly, nearly always to be fair withhold data, which again is illegal.

JJ

edsisto
Supporter
Posts: 18
Joined: Sun Jan 28, 2018 4:35 pm

Re: General Data Protection Regulation (GDPR)

Post by edsisto » Thu Mar 21, 2019 11:15 am

I kept going back to WH and asking for more SAR details from them based on things from this thread and just get responses like:
Thank you for your email.

We can confirm that your account was restricted in XXX of XXX by our Trading team. Your account has been reviewed and we confirm we hold no IP information in Iovation linked to your account.

As advised previously, any restriction done on an account is done so at the discretion of the trader reviewing it. We have provided to you all the information related to your account.

Kind Regards,
As helpful as they always are.....

Jimmy Justice
Site Admin
Posts: 630
Joined: Wed Jan 13, 2016 9:16 am

Re: General Data Protection Regulation (GDPR)

Post by Jimmy Justice » Fri Mar 22, 2019 9:37 am

It is 99% certain that they do hold Iovation tickets about your e-devices, which will include IP addresses and much, much more.

Iovation are registered as a data controller in the UK now, the UK ICO made them register, so your other option is to go to their Data Protection Officer and ask for the same. I suspect they will claim they don't know your name or your account number at WH, so you will have to ask them for the type of information you can provide that will identify your present e-devices on their system. An IP address is a good starting point, but they will have details of all the following (and more):

Screen resolution, Device Type e.g. PC, MAC, etc.,Operating System e.g. Windows, OS X, Linux, etc., Device Time Zone, JavaScript on/off, Flash on/off, Flash installed?, Flash Version, Flash storage enabled/disabled, Browser Cookies enabled/disabled, Browser Type, Browser Version, Browser character set, Browser Menu Language, Browser Configured Language, IP Address, IP Geolocation: City, IP Geolocation Country Code, IPGeolocation Proxy Flag, IP Geolocation Country Name, IP Geolocation State/Region, IP Geolocation Time Zone, Internet Service Provider (ISP), ISP Organization; Fully-qualified domain name, CPU Count, CPU Speed, Operating System Version, System Model, Component Serial Numbers, MAC Address, DeviceName (MD5 Hash), Device Identifier, Device Locale, Device System Version, OS Build Number, Kernel Version, Kernel Build Number, Flash System Capabilities.

There will be what's called Iovation tickets that outline what gambling companies have posted in the Iovation database about your e-devices you must insist on getting these, they can be very enlightening. If you wanted to be really difficult you could ask for all the fraud checks Iovation has done on your e-devices.

I'm very aware, as you know, that the ICO rarely do anything useful when gambling companies breach their rules, but if Iovation refuse to comply with your request please do let me know and I'll take it up with one of the ICO's Directors who told me that Iovation must provide the information.

JJ

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest