ICO’s Gaming Affiliate Data Protection Clampdown – Advice for Affiliates
21 November 2016 - 15:16, by , in Uncategorized, No comments

The Information Commissioner’s Office (ICO), the UK’s regulator of the Data Protection Act (1998) and the Privacy and Electronic Communications Regulations (PECR), sent out a letter to over 400 affiliates in the UK, pointing the finger at them for breaching PECR by sending unsolicited communications to prospective customers. Whilst the segmentation of this cohort of affiliates appears to have been somewhat haphazard, the iGaming affiliate industry needs to acknowledge this shot across the bows and take the learnings from it without hesitation.

PECR act as the UK’s endorsement of an EU ePrivacy Directive and seek to give people specific privacy rights in relation to electronic communications.

There are specific rules on:

  • marketing calls, emails, texts, direct messaging through social media and faxes;
  • cookies (and similar technologies);
  • keeping communications services secure; and
  • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

Dave Sawyer, from OnlineCasinoReviewer, popped over to ask us about our thoughts on the ICO’s action and our advice for affiliates, which can be seen in the video below.

Most affiliates in the UK will be aware of the cookie consent check that began appearing on website across the land a few years ago as a result of these regulations – and most probably applied something similar on their own sites – but may not be aware of the requirements surrounding the capture, storage and communication with an individual’s data. Whether or not you have been in receipt of a letter from the ICO pointing the finger, our advice is to first read up on PECR here, and then to consult a lawyer if you believe you have breached the regulations.

The ICO exists first and foremost to ensure people comply, so if they have been in touch and you have done nothing in breach of the Data Protection Act or PECR, simply reply to the letter in writing or email elaborating as much. If you do need to change the way you capture data and communicate with previously registered customers, ensure that you comply with PECR and enact any required changes in what you do both going forwards and retrospectively. If you capture data online and use it for any marketing purposes (for instance a newsletter…), chances are you’ll need to register with the ICO (£35 per year). The ICO offers a self-assessment form to assist you in ascertaining whether you need to register.

This includes any affiliates operating outside of the UK and targeting UK consumers – and wherever you are based and targeting customers, we advise you to read up on local data privacy laws. The ICO – as is the case with equivalent data protection law enforcement bodies worldwide – has the ability to audit any business and can gain access to your records through court ordered warrants both domestically or through partnerships with overseas counterparts – as happened in this instance, with the ICO collaborating with the Canadian Radio-television and Telecommunications Commission (CRTC), who sent Income Access a written “Notice to Produce” – a document which legally compelled Income Access to identify UK affiliates using its software or platform.

About author:

Leave a Reply