In episode 18 of The Gambling Compliance Podcast, host and editor Joe Ewens interviewed European Gaming and Betting Association Secretary General Maarten Haijer on the publication of the EGBA’s GDPR code, data protection and trends in Europe.
In June, the EGBA published the first sector specific GDPR code aimed at providing online gambling operators with assurance that they are complying with the complex provisions of the law.
Discussing the formation, Haijer highlighted the ever-growing concern of data protection for European citizens and the online gambling world, citing it as one of the reasons for its creation.
“There are some reputational issues involved in the data protection if the mistake is made these can have huge impacts. There’s the risks of fines if you don’t comply with the rules.
“We also think it’s really important for our sector, these are legal requirements, we think as an industry we need to show leadership and come up with ways of showing that we comply and we do even more and that we own our place in society.”
Prior to the code’s release, Ewens noted that there was increased apprehension in the industry around GDPR, which is largely in part to it being a very technical piece of legislation but also because there were big fines attached. Haijer was asked if he believed the same trepidation exists now.
“I think the anxiety was there within a wider community than just the experts, the data protection officers and that has died down a bit.
“I also think that there is maybe less concern about enforcement than there was before but that’s also partly because the enforcement agencies of the member states have just a huge backlog in work that they need to do. The fact that there is maybe a bit less noise around enforcement doesn’t mean that there aren’t big concerns out there.”
The code has been designed in such a way that allows for amendment further down the line, with Haijer believing that there is scope for it to be adopted by the EU.
He continued:“The first part of this process is submitting it to the data protection authorities for them to look at it and see whether they agree with it or not, in terms of whether it complies with requirements or not, whether it needs to be amended or not.
“Once we’ve done that, hopefully it will be approved and then we have an approved code of conduct. The next step could be that the commission declares a binding of the whole sector.”
When queried on any complex issues within the code, Haijer stated that an arising issue was portability rights, the rights a customer has to move their information between different operators.
“This portability is solely the right of you as an individual. We’ve included a little provision in there, in the sense of a possibility that one operator should be able to talk to another operator to make the process less cumbersome and easier for the consumer.
“That’s one of the additional elements of the code. It allows for probably an easier flow of information from one operator to another but again I need to stress only on the request as you as an individual. If it doesn’t see all the data that is from one operator, it’s only those that consent our fringes require.
“If you as an operator have algorithm generated data about you as a customer and that is not part of what is falling on the portability right, for instance you know your customer information is but the data that an operator generates based on the analysis of your behaviour isn’t.”
The conversation turned to responsible gaming with a particular focus on monitoring players’ deposits across different operators, a requirement which was proposed in Germany. Haijer was asked whether this could become a reality in Europe: “I think the requirements of operators to take responsibility for the behaviour of its customers are much bigger and stronger in our sector than most other sectors.
“This whole balance between data protection, privacy and some of the requirements from operators is a pretty serious question to think about in our sector. On one hand, it allows us to help our customers, on the other hand we are intervening in someone’s private individual behaviour. That’s pretty unique for our sector.
“I think the German data protection authorities have recently issued a quite strong opinion about the system from data protection concerns you can find it online I think the german sport association has it also on its website. They have serious concerns about this from a data protection point of view.
“That’s certainly not a done deal and we will be extremely hesitant for both data protection reasons but also for how in practical terms can you make that work. It’s extremely difficult to set up a system and whether it would be successful once you have a system that’s very much a question from a data protection point of view.
“The german data protection authorities which, granted, are pretty strict about data protection and have a very low tolerance for data protection issues. Especially coming from the states with obvious historical reasons but they are very concerned about it. We’ll have to wait and see where this goes to be honest.”
You can catch the full interview on The Gambling Compliance Podcast here.