Connect with us
SIS

Affiliate Industry

Gambling Affiliates’ Guide to GDPR

George Miller

Published

on

Gambling Affiliates’ Guide to GDPR
Reading Time: 6 minutes

As of the 25th May 2018, the GDPR comes into effect, and its influence will be felt across virtually every industry imaginable where data is being collected and used on individuals located in the EU. Its overall aim is to ensure better protection of consumers’ information, both online and offline, by enforcing regulations on how data is collected, processed and secured.

What is GDPR?

GDPR stands for General Data Protection Regulation. It’s the result of over 6 years of preparation and consultation over data privacy concerns for EU consumers. The way in which data is collected and used today is profoundly different to how it was a decade ago. According to a report published in 2016 by IBM, “90 percent of the world’s data had been created in the last 12 months” and “many data analysts are suggesting the digital

universe will be 40 times bigger by 2020”.

 

Prior to GDPR, the ‘Data Protection Directive 95/46/EC’ attempted to harmonise the practices of EU member states in terms of their approach to data privacy. Directive 95/46/EC built on the ‘Guidelines on the Protection of Privacy and Transborder Flows of Personal Data’ first published in 1980, which was acknowledged by both the European Union and the United States, as a way to protect personal data and individuals’ privacy.

 

These guidelines still form the basis for the GDPR, but as they and Directive 95/46/EC were merely guidelines and directives, a more stringent and consistent approach was required to “protect the fundamental rights of individuals throughout future waves of innovation”.

 

The GDPR not only unifies the approach to data privacy across the EU, it also regulates it, meaning it is enforceable by law, and in turn carries penalties of up to 4% of annual turnover, or €20 million, whichever is the greater.

 

Pinch yourself all you like, this is happening affiliates, and failure to act now is nothing short of corporate suicide..!

Consent

The main way in which the GDPR aims to protect data subjects (individuals), is through consent. Data subjects must be made aware of the data being collected on them, why it is being collected, what will be done with it, and how long it will be retained for.

Personal Data

The most important thing for affiliates to realise is what Personal Data includes. It doesn’t stop at names, email addresses and phone numbers; it extends to social media posts, IP addresses, and even information stored in tracking cookies.

The GDPR defines it as..

any information relating to an identified or identifiable natural person

 

And importantly..

an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

 

The use of the words ‘directly or indirectly’ is important here. Just because a person’s name and address isn’t stored in a cookie, it doesn’t mean that the information in that cookie can’t be used to identify them. Cookies used by ad networks are able to track an individual from one site to the next, extremely well. In fact, they can potentially track a user across millions of websites.

 

Not only must you pay attention to any data you are collecting directly from individuals, such as name, phone number, email address; you must also think about what tracking codes and analytics software you have installed on your websites, which are used to build a ‘profile’ of someone, usually for advertising purposes.

 

Standard analytics code doesn’t track users across websites, so providing you don’t have any advertising features enabled in your Google Analytics (or other) code, then you won’t necessarily need to obtain consent before setting those cookies. Anything more will require clear and concise consent from your visitors though, ensuring the request for consent includes what, why, and how that data is being collected and used.

Informed Choice

The ‘Cookie Law’ introduced in 2011 (yes, it’s been 7 years!) targeted the usage of non-essential cookies i.e. those not entirely necessary for the basic functionality of a website. However, it didn’t offer users much control or choice.

 

The GDPR aims to change this in that users should be given a choice as to whether or not they agree to non-essential cookies being stored on their computer/browser. Now, accepting that cookies used by standard analytics software aren’t essential, and that they don’t contain ‘personal data’, then where does that leave us? Well, the answer lies in transparency. So long as you are clear in your ‘request for consent’ that the cookies used in your analytics software don’t collect identifiable data, nor are they shared across websites, then you should be fine. Otherwise, if they do (i.e. you have advertising features enabled), you must obtain consent from each and every visitor before setting those cookies.

Newsletter Subscriptions & Accounts

Similarly, if you have a newsletter subscription or account creation feature on your website, then you must obtain consent from users before you can collect their data. Common practice has usually been to present a “Send me occasional news by email” or “I agree to the website T&Cs” checkbox to users. This practice is now imperative, and furthermore, the declaration should be a request for consent, and should point to your Privacy Policy (it can’t be hidden in your T&Cs) which contains the full ‘request for consent’ in a clear and intelligible form, remembering to detail the what, why’s and how’s.

 

And whatever you do, don’t pre-tick the checkbox, or have any kind of “opt-out” option. Consent must be definitive, and unambiguous, and a timestamp of when that consent was obtained, and what the user was consenting to, must be recorded for audit purposes.

 

If your current privacy policy doesn’t satisfy the conditions of the GDPR, then you will need to obtain additional consent from your existing users or subscriber base.

 

In addition, “it must be as easy to withdraw consent as it is to give it”. Users must be offered an option to unsubscribe in all communications, or delete their account on your platform.

 

Think about what data you’re collecting, and whether you really need to. Obtaining consent to collect that data may present more risks than what it’s worth. Additionally, if you later decide to start collecting more data than is detailed in your original privacy policy (or the terms of your privacy policy change), then you will need to obtain additional consent to the updated privacy policy.

Affiliate Tracking Codes

Affiliate tracking cookies are fundamental to online gambling affiliates. Most affiliates are unlikely to want to offer users the ability to disable their tracking codes, and strictly speaking, as the cookies do not (shouldn’t) contain identifiable data that is shared between websites, then it might not be necessary.

 

However, affiliates should still be crystal clear about what cookies may be set as a result of clicking links on their site, why they’re being set, and how they’re being used.  It would also be prudent to offer advice about how users can block these kinds of cookies, for those who choose not to have them set.

Data Subject Rights

The GDPR also empowers individuals with control over their data, as well as outlines a number of responsibilities organisations must adhere to in order to fulfil individuals’ rights to access and control the data held on them.

 

Affiliates must be aware of their responsibilities, and put plans in place to be able to handle those responsibilities:-

Right to Access

Data subjects have the right to know what data is held on them, and how it is being used. They also have the right to request access to that data, which must be delivered to them with 1 month of the the request, in a standard electronic format, free of charge, such that they can transmit that data to another data controller (organisation) should they wish to (Data Portability).

Right To Be Forgotten

Data subjects will also have the right to be forgotten and have any data held on them deleted. Such data will include their personal information, as well as any data which could lead to them being identified, directly or indirectly. If you have implemented any tracking solutions which create a link between the data you hold, and data stored in third party software, then that link will also need to be deleted, and potentially the data stored in the third party software.

Privacy by Design & Security

The GDPR will enforce strict penalties on organisations that have failed to invest appropriate resources into securing their systems, and preventing access of data to unauthorised persons, both online and offline…

 

“The controller shall..implement appropriate technical and organisational measures..in an effective way..in order to meet the requirements of this Regulation and protect the rights of data subjects”.

 

Affiliates should ensure that any data they collect and process has been secured from the outset. If freelancers, designers or content writers have access to data unnecessarily, then it should be restricted. Similarly, any physical data should be locked safely away to prevent unauthorised access, and any new systems or website features should be designed with data privacy in mind.

 

Thought should also be given to data that can be encrypted – it may no longer be acceptable to only encrypt passwords.

Breach Notification

Organisations will be required to notify their appropriate Data Protection Authority within 72 hours of a data breach, where that breach is likely to “result in a risk for the rights and freedoms of individuals”. The gambling industry carries many negative connotations – most individuals probably wouldn’t want their identity associated with a gambling-related website, and so any data breach in this industry is likely to fall into the above category.

Data Protection Officers

Organisations who deal with large scale data processing or ‘special’ categories of data will be required to appoint a Data Protection Officer. Whilst this might not apply to most affiliates, they must understand their responsibilities as data controllers (and/or processors) to ensure the safety and security of data they hold, and ensure it isn’t shared or otherwise fall into the wrong hands. They should keep appropriate internal records, and ensure that their records are auditable.

 

This article contains general information for affiliates to make their own informed decisions about the upcoming GDPR. You must not rely on the information in this article as an alternative to professional legal advice.  The article has been contributed by Pavlos Sideris of Cashbacker – the leading gambling cashback community.

George Miller started his career in content marketing and has started working as an Editor/Content Manager for our company in 2016. George has acquired many experiences when it comes to interviews and newsworthy content becoming Head of Content in 2017. He is responsible for the news being shared on multiple websites that are part of the European Gaming Media Network.

Continue Reading
Advertisement
Comments

Affiliate Industry

GiG signs Matching Visions for its B2B marketing compliance tool, GiG Comply

George Miller

Published

on

GiG signs Matching Visions for its B2B marketing compliance tool, GiG Comply
Reading Time: 2 minutes

 

Gaming Innovation Group Inc. (GiG) has signed an agreement with Malta based affiliate network, Matching Visions, for the provision of its innovative B2B marketing compliance technology, GiG Comply.

This will support Matching Visions  enhancing its marketing compliance with heightened advertising regulations requiring operators to drive responsible marketing practices, GiG Comply offers Matching Visions an automatic webpage scanning solution to easily review advertising campaigns, helping to meet compliance needs.

Designed specifically to ensure regulatory compliance and to reduce the manual checking of affiliate sites, GiG Comply’s proprietary self-service technology scans and analyses across tens of thousands of web pages content and links with the widest reach in the market. The tool provides detailed reports, including links, images and brand mentions.

Co-Founder of Matching Visions, Dennis Dyhr-Hansen says: “We at Matching Visions are delighted to team up with GiG for its Comply product. Being an affiliate network, it is our absolute priority to constantly be 100% compliant in order to protect our operators as well as our affiliate partners from being compromised by non-compliant marketing methods. We must ensure that we are constantly ahead of the game, as compliance and responsible marketing are the top priorities at Matching Visions Network. GiG Comply is the ideal tool which will enable us to guarantee we are working towards excellence.”

Richard Brown, chief Operations Officer at GiG, says: “We are very pleased to have signed  Matching Visions to Comply. Our cutting edge compliance  solution will support its affiliate programmes to manage their marketing, supporting its affiliates to reach their compliance goals and to protect their end users .”

 

About Matching Visions:

Matching Visions is a top online affiliate networks for iGaming and sports. Founded in 2014, Matching Visions offers affiliates and operators alike a one stop solution for all their gaming needs. Matching Visions houses hundreds of the best casino and sports brands, they also house thousands of affiliates. You can get access to everything you need in one place, with one contact, one on time payment and so much more!https://matchingvisions.com/

About Gaming Innovation Group (GiG):

Gaming Innovation Group Inc. is a technology company providing products and services throughout the entire value chain in the iGaming industry. Founded in 2012, Gaming Innovation Group’s vision is ‘To open up iGaming and make it fair and fun for all’. Through its ecosystem of products and services, it is connecting operators, suppliers and users, to create the best iGaming experiences in the world. GiG operates out of Malta and is dual-listed on the Oslo Stock Exchange under the ticker symbol GIG and on Nasdaq Stockholm under the ticker symbol GIGSEK. www.gig.com

Continue Reading

Affiliate Industry

Time to take responsibility

George Miller

Published

on

Time to take responsibility
Reading Time: 3 minutes

 

Joonas Karhu, Chief Business Officer at online casino comparison site Bojoko.com, says that affiliates must do more to protect gamblers from problem play

 

The global online casino industry is now very much focused on prioritising responsible gambling and ensuring that players are properly protected.

This is being driven by regulators in core markets around the world coming down hard on operators that have dropped the ball in this regard.

In the UK, for example, several big-name gambling giants have been hit with multi-million-pound fines for serious responsible gambling failings.

But it is not just operators that have to shoulder the responsibility for ensuring that online gamblers are happy, healthy and given the tools they need to remain in control of their play.

Affiliates are a huge driver of new player traffic to online gambling sites and are rewarded financially for the customers they send.

As such, online casino publishers must do as much as they can to protect their readers in addition to the efforts operators must go to as part of their licence requirements.

There are several ways this can be done.

The first is to provide players with the information they need to understand what tools are available to them, and how they can be used to manage their play.

This means creating guides that clearly explain deposit limits, loss limits, wager limits, session limits and the options to cool-off and self-exclude.

What’s more, responsible gambling should be a separate tab on the homepage or on the bottom banner – the clearer it is the better.

In addition to this, affiliates must also make sure players understand wagering requirements and how they work.

The seasoned gambler is likely to be very familiar with them, but those that play on a more casual basis may not be.

The best way of explaining how wagering requirements work is to clearly outline the different types of play through operators can attach to a bonus and use an example.

It is also important to make bonus terms and conditions, in particular wagering requirements, clear at all times.

The UK Gambling Commission now requires that significant terms and conditions be visible below all bonus offers, and not just one click away.

This shows how serious the regulator takes the issue of bonus T&Cs when it comes to responsible gambling and properly protecting players.

Of course, this is all standard practice for any good online casino affiliate site. So, what more can be done?

Here at Bojoko, we recently took the decision to team up with gamban®, a tool that allows players to block gambling websites and mobile apps.

Why did we do this? While all licensed online casinos offer the option to self-exclude, errors do occur and, in some cases, players have been able to continue to wager.

We wanted to give our readers the best tool around to completely block online gambling websites and apps should they decide to self-exclude.

We have negotiated a deal with gamban® so that our readers can use the software free of charge for three months before their £1 per month per device subscription kicks in.

It may seem counter intuitive for an online casino affiliate site to allow its readers to self-exclude from sites, but it’s not.

Publishers should want their players to be healthy and if they do go on to develop a problem it is vital they do all they can to provide the tools and support they need to overcome it.

Here at Bojoko, we believe that it is the responsibility of all industry stakeholders, and not just operators, to uphold the highest responsible gambling standards.

We are proud of our partnership with gamban® and hope that other publishers will follow our lead in doing all they can to protect players.

Continue Reading

Affiliate Industry

Multilotto continue to increase their focus on Affiliates

Zoltan Tundik

Published

on

In this photo: Multilotto’s Chief Growth Officer, Alex Sakota
Reading Time: 1 minute

 

As Multilotto’s Chief Growth Officer, Alex Sakota, joins the panel at the London Affiliate Conference, Multilotto launches its Affiliate site.

There is no doubt that the affiliate market is an integral part of the iGaming industry and at a time where both operators and affiliates are navigating the several changes to regulations from a different jurisdiction, there is an even greater need of better communication and collaboration between the two.

Seeing these changes, Multilotto has decided to up the ante and launch their new website focused solely on Affiliates. The site includes information about their revenue share model, why Affiliates should choose Multilotto, testimonials and a comprehensive blog.

Alex Sakota, Multilotto’s Chief Growth Officer, will also be speaking at the London Affiliates Conference about the recent Swedish Legislation in the “Stockholm Syndrome or: How I Learned to Stop Worrying and Love the Swedish Regulator” panel.

Mr Sakota has a very strong reputation within the industry and has led acquisitions efforts at a number of leading organizations in Malta including EPC Masters, Dating Factory, Traffic Mansion and GFI Software. He organized the island’s first-ever internet marketing seminars and has aced as a lead spokesperson at a number of major events, including eProfitMalta and RE/MAX Europe where he managed in excess of 90M visitors a month, setting new records in the process.

 

About Multilotto

Multilotto is an established online lottery betting service with licenses in the UK, Ireland, Malta and Sweden. It is the online destination for customers who want to access a wide range of international lottery jackpots, offering accessibility, simplicity and ease of use.

Our two biggest jackpots are Powerball and Mega Millions from the United States. We also offer Europe’s largest transnational lotteries, EuroJackpot and EuroMillions, and more lotteries from across the globe.

Continue Reading
Advertisement
NSoft

Global Gaming Industry Newsletter – Weekly Digest (sent every Wednesday)

Please select all the ways you would like to hear from European Gaming Media and Events:

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here. Read more about European Gaming Media and Event's Privacy Policy and Terms of Service.

Subscribe to our News via Email

Enter your email address to subscribe to our news and receive notifications of new posts by email.

Latest by author

Trending

Notice for AdBlock users

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.