The European Gaming & Betting Association has today (10 June 2020) announced the publication of a Code of Conduct for online gambling operators that provides guidance for operators of online gambling services in processing personal data in compliance with the General Data Protection Regulation (‘GDPR’).
The Code (that you can download below) provides important guidance and rules in relation to the personal data processing activities through the use of case studies, summaries and examples of good practices for operators. It addresses specific features of the online gambling services sector, providing operators with clarity on areas where interpretation on GDPR implementation is needed, as well as ensuring that players feel confident that their personal data is used appropriately.
The Code takes into consideration the guidelines of the European Data Protection Board, as well as the guidelines issued by the different Supervisory Authorities. In the UK, the Supervisory Authority is the Information Commissioner’s Office (‘ICO’).
Under the terms of the European Union (Withdrawal Agreement) Act 2020, the UK is presently in a transition period until 31 December 2020 – subject to any extension of time that may be agreed – to allow time for negotiation of its future relationship with the European Union. During this transition period, EU laws (including the GDPR) will continue to apply in the UK, where the GDPR needs to be read in conjunction with the Data Protection Act 2018.
EGBA’s press release on this subject reads as follows:
EGBA Demonstrates Commitment To GDPR With Sectoral Code Of Conduct For Data Protection
New Code establishes rules and best practices to strengthen data protection in the online gambling sector and is one of Europe’s first sector-specific initiatives to support compliance with the GDPR.
BRUSSELS, 10 June 2020 – The European Gaming and Betting Association (EGBA) has today published a Code of Conduct on data protection which establishes dedicated sector-specific rules and best practices to ensure compliance with the EU General Data Protection Regulation 2016/679 and promotes the highest standards of data protection in the online gambling sector.
The Code of Conduct on Data Protection in Online Gambling sets long-term data protection standards for Europe’s online gambling sector and is intended to complement and reinforce the sector’s compliance with the GDPR. The Code is one of Europe’s first ever sector-specific self-regulatory initiatives to support compliance with the GDPR. The Code is part of EGBA’s wider efforts to drive standards in the online gambling sector and is in accordance with the GDPR, which encourages the use of sector-specific codes to support the proper application of its provisions.
The Code introduces specific measures and best practices on:
All EGBA members will adhere to the Code and it is also open for signature to other online gambling companies licensed in the EU/EEA. Compliance with the Code will be monitored by an independent third-party monitoring body.
In line with the requirements of the GDPR, the Code has now been submitted to the Maltese Data Protection Authority for formal approval of the Code’s compliance with GDPR. This is a process which involves data protection authorities in other EU countries, and the European Data Protection Board, and can last between 18-24 months.
“On the 2-year anniversary of the GDPR, issues around data protection, privacy and the use of personal data are still a concern for many European citizens. That’s why we’re pleased to introduce this new code which demonstrates the online gambling sector’s commitment to protecting the personal data of our 16.5 million customers and supporting the success of the GDPR. We’re pleased to be one of Europe’s first industry sectors to introduce a self-regulatory code which supports compliance with GDPR. Data, and how it is used, is playing an increasing important role in how citizens and business interact online – and the online gambling sector is no different. This code outlines how online gambling companies should ensure their customers understand how their personal data is being used and provides important guidance on how companies should use personal data in their interactions with customers, including how they identify and address problem gambling behavior in their customers.” – Maarten Haijer, Secretary General, EGBA.
 Article 40, General Data Protection Regulation 2016/679.
In 2018, we reported on:
- the ICO’s Guide to the GDPR
- the Gambling Commission’s GDPR Information Note
- the Remote Gambling Association’s GDPR Guidance
You can also read here David Clifton’s May 2016 article in Issue 98 of iGaming Business about the major consequences of GDPR for gambling operators.