After a lengthy delay J4P is now in a position to write about the joint meeting we had with the Information Commissioner’s Office (ICO) and the Gambling Commission (GC) concerning data protection law. The delay was caused by a belated written reply from the ICO about J4P’s questions following the meeting.
There’s no point putting a ‘sugary coating’ on the initial outcome of the meeting; disappointing (so far; ever the optimists). During the meeting the ICO confirmed that gambling companies are breaching data protection law, but it would appear they and the GC have little intention of doing anything significant about it. It seems, it’s perfectly acceptable for gambling companies to breach data protection law, whereas for other sectors it’s not, e.g. charities.
Due to government cut-backs within its numerous ‘quangos’ and some appointed regulators J4P respects that regulators like the ICO have to prioritise and make difficult decisions, but J4P does not respect that these decisions should allow frequent breaching of laws, because this makes legislation worthless. This type of approach doesn’t protect consumers, because it allows corporations to do what they want.
Question for the ICO & GC: How much work does it really take to warn corporations to stop doing something or sanctions will follow?
Interestingly, it was confirmed in the meeting that gambling companies have been told not to do at least one thing, e.g. download intrusive trackers like Iovation and Threatmetrix when landing on website home pages without permission. Knowing this, would it be fair to assume that gambling companies might stop doing this? Of course not, the sickening answer to this is, “You’re having a laugh.” Have a look: https://justiceforpunters.org/paddy-power-threatmetrix-05-10-2018/
Anyway, enough of the moaning, at last we officially know where gambling consumers ‘stand’, e.g. breaches of EU and UK data privacy law is not a priority for regulators, so consumers have to change that.
What do the ICO want gambling consumers to do?
So, here’s the telephone number (0303 123 1113) and email (email@example.com). Live chat can be found here: https://ico.org.uk/global/contact-us/helpline/ An online form can be found here: https://ico.org.uk/global/contact-us/email/
J4P has been told that complaining directly to the ICO is the only way that the ICO will eventually take daily personal data breaches by the gambling industry seriously. We did request, as per the Competition and Markets Authority (CMA) investigation, if J4P could co-ordinate experiences and complaints, and then pass them to the ICO. This very successful approach in the case of the CMA has been rejected. J4P therefore has to rely on gambling consumers to complain directly.
J4P did point out strongly that some people have already complained directly to the ICO and were often disappointed by the service, but this made no difference.
J4P can’t stress enough how important it is for gambling consumers to complain, however what should people complain about?
What should gambling consumers complain about in relation to privacy law?
This is a real conundrum, because J4P’s meeting attendees are now more confused about data protection law since our meeting and the written feedback provided to our questions than we were before the meeting.
J4P has found that simple answers like ‘yes a company can do this or they can’t’ are often a dream prevented by classic ‘Yes Minister’ responses. As Sir Humphrey Appleby proved week in, week out; the life of a civil servant is to prevent clarity, not encourage it. And for goodness sake don’t make a decisive decision.
What follows has proved a real challenge, but this is J4P’s ‘best guess’ at present. A number of general things need pointing out to start with; how a gambling customer’s personal data is dealt with by a gambling company is guided by numerous pieces of legislation and gambling licensing guidelines; primarily:
- General Data Protection Regulation (GDPR) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ & https://www.gamblingcommission.gov.uk/PDF/Gambling-regulation-and-GDPR.pdf
- Privacy and Electronic Communications Regulations (PECR) https://ico.org.uk/for-organisations/guide-to-pecr/
- The Gambling Commission’s Licence Conditions and Codes of Practice (LCCP) https://www.gamblingcommission.gov.uk/PDF/LCCP/Licence-conditions-and-codes-of-practice.pdf https://www.gamblingcommission.gov.uk/PDF/consultations/Fair-and-open-consultation-response-August-2018.pdf
- Anti-money laundering law (AML) https://www.gamblingcommission.gov.uk/PDF/AML/Money-laundering-and-terrorist-financing-risk-assessment-March-2018.pdf
- Other criminal law
Some people reading this post will know that many gambling companies don’t do this; they just make things up.
Based on these five bullet points alone, J4P’s experience of helping people would suggest that we’d be amazed if a person had nothing to complain about to the ICO. Make your life simple; just think about the issue you were most annoyed about and ring 0303 123 1113. Keep focussed, get a reference number for your call, ask the ICO what you want them to do and if you’re disappointed by what they do let J4P know (firstname.lastname@example.org) and/or maybe make an official complaint directly .
The following table contains a timeline from first visiting a gambling website to closure of an account. It also includes a couple of issues relevant to betting shops.
NB 1: Ghostery url: https://www.ghostery.com/
NB 2: The following will delight many people. The ICO has met with Iovation and told them that they are a data controller in the UK, which means everyone has a right of access to the data they hold about anyone and their e-devices. You may wish to contact them using this template after adapting it for your use?
As we’ve pointed out, hopefully clearly (no irony there) this post contains J4P’s ‘best guesses’ and nothing more. So far, we’ve found it impossible to get simple answers from the ICO and GC about so many issues that affect privacy law, all we can do is make ‘best guesses’.
It’s quite clear that the ICO wishes people to complain directly to them. There’s nothing wrong with that, so long as their service reflects this request. J4P’s experience and those who have shared their experiences with us would suggest you may not be happy with said services, but do give it a try.
It’s very important that gambling customers put the gambling industry much higher on the agenda of the ICO by complaining. There are thousands of opportunities to complain every week, if not every day.
We do hope you will support J4P in our campaign to make gambling companies fulfil every aspect of UK and EU privacy law. As strongly outlined gambling companies are breaking data protection daily, only you can stop them and you should.