Online gambling business – ICO taking a look at user tracking. #DataProtection #GDPR

The UK Information Commissioners Office (ICO) is taking a look at lovation tracking software installed without users knowledge who log into online betting services.


The use of this software may be contravening the Data Protection Act (1998) as this Act requires data subjects to be aware if their personal information is collected and give permission for it to be used in ways they agree to and nothing more.

The timing of this investigation is crucial as GDPR will enter law next May and fines of up to 4% of global turnover will come into force for serious data protection breaches.

If you want to read more about the story click here.

If you want to learn more about Data Protection and GDPR click here.


Nexon data breach – did you hear about it?

Firstly I would like to thank one of our Consultants, Mark Goddard, for his expert opinion in this blog. Over to you, Mark…

So it’s happened again.  Another online gaming company have admitted that their customers’ personal details have been breached.  Nexon have confirmed that up to 13 million names, usernames, encrypted registration numbers and passwords had been hacked.  The reason you might not have heard about it?  ‘It’ was in Korea.  But let us be clear reader, that is no reason to stop reading, be relieved that it wasn’t you or your loved ones who were affected, or think that this does not affect you.

Online gambling and gaming platforms are complex beasties.  You might well be sat in the comfort of your own home / office / igloo, but your personal information, transaction history, and player information are not!  And that means bad people can access your information if the companies you entrust it to, are not careful with it.  We saw earlier in the year how Betfair’s customer information was hacked from Cambodia.  And let’s be clear, this wasn’t some nosey kid with an IQ of 210.  These were bad people who wanted our credit card information to do bad things with.

Likewise, Sony have had a bad year of it too.  In April and October this year their platform’s were hacked, hurting their image and share price.  So, what to do?

Well if you are a user, unfortunately you have very little individual control over how your gambling or gaming service provider protects your information.  Consider using a company based in the European Economic Area (they should have good data protection practice in place) and, when you sign up, watch out for agreeing to permissive disclaimers about where they can store or transfer your information to.  On your part; use strong passwords (e.g. G4mb!ng1 – it’s not that difficult but don’t use that one now!), change your password every so often and always change it if you think it may have been compromised.  Oh, and I know it is convenient to get the computer to ‘remember your password’ but it is just as secure as you think it is (i.e. not very!).

And if you are an online gambling, gaming, leisure or retail company?  Well, tell your customers what you do with their data (including where you keep it), stick to that, ask them if you want to change why or where you want to keep their data, and keep it secure using adequate technical, physical, management and personnel controls based on a sound risk assessment (truly, this need not be difficult, time-consuming or expensive).

Safe surfing!

Mark Goddard.