In an article for iNTERGAMINGi, counsel Richard Field considers
data protection in eGaming.
Regulation has always been a contentious issue for businesses
from all sectors. Finding the right balance between a regime that
is not sufficiently tough to enforce common minimum standards and
one that is so prescriptive that it stifles business, is very
difficult. Add in the complexities associated with moral judgments
as to the nature of the business itself and how it interacts with
its customers, and it is easy to see why success in eGaming is
tough to achieve.
With the onset of the single digital marketplace in Europe, and
the increasing globalisation of e-commerce, traditional
"boundaries" (whether jurisdictional or legal) are being
broken down. Regulation has a key role to play in ensuring that
defensible standards are maintained for eGaming businesses and no
more so than in the sphere of data protection.
Our attitudes towards data protection have been changing in
recent years – gone are the days when data protection was
seen as the poor cousin to other, more "glamorous" (these
things are relative) areas of compliance, such as fraud, anti-money
laundering or sanctions. Data is rightly being cited as the new
"oil" in terms of its value to businesses. The growth in
cybercrime, however, has focused the attention of boards across the
globe on the risks of processing data, in particular personal data
and in terms of securing their digital assets.
Data protection is an inherent part of eGaming business –
the processing of customers' personal data is a daily part of
life for eGaming operators. Whilst some businesses in other sectors
may deal with large volumes of personal data, it is often the case
that eGaming businesses are dealing with hundreds of thousands of
customers' data at any given time. Managing those data flows,
whilst ensuring security and compliance with a raft of varying
international laws is a significant challenge and one which will
take on an additional dimension in the years' to come.
The General Data Protection Regulation ("GDPR") comes
into force across the EU in May 2018 and has direct effect in all
EU Member States (in other words, there is no need for implementing
legislation in individual jurisdictions). However, the impact will
be felt more widely, as the GDPR has extra-territorial effect. If
operators are doing business in the EU, or profiling customers
living in the EU, then the GDPR will apply. For eGaming businesses,
the global reach of the legislation will have a significant impact.
Notwithstanding the current uncertainty surrounding
"Brexit", the standards it imposes will remain the
benchmark for years to come.
Regulators will have power to impose administrative fines up to
a maximum of 4% of global annual turnover or €20million
(whichever is the greater) for serious breaches and so compliance
will be a board level problem. eGaming businesses will have to be
aware of the changes to come and should start preparing for the new
regime. Alderney and Guernsey are already working towards
compliance in these areas and will remain at the cutting edge of
regulation in this area, thereby continuing to retain their place
at the forefront of the industry.
To read more from iNTERGAMINGi, please click here.
Previously published by iNTERGAMINGi
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
There has been much discussion in the media regarding the use of virtual private networks (VPNs) in the United Arab Emirates (UAE), triggered by the recently announced Federal Law No. (12) of 2016 (the Amendment), which amends Federal Decree-Law No. (5) of 2012 on Combating Cybercrimes (the Law).
The International Comparative Legal Guide to Gambling provides a current and practical cross-border insight into gambling law, following a Q&A format to ensure thorough coverage of the topic within different legal systems worldwide.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).