Copyright: tashka2000 / 123RF Stock Photo

The European Gaming and Betting Association has contacted the Norwegian Data Protection Inspectorate seeking an urgent investigation into a payment blocking scheme that it says breaches the privacy of Norwegian citizens conducting online payments.

The EGBA, whose members include bet365, GVC and Kindred, asserts that the scheme, established by the Norwegian Gaming Authority in 2010, is in contravention of Norwegian data protection laws and the European Convention on Human Rights.

In a statement, the EGBA said the Norwegian Payment Blocking Regulation “essentially prohibits businesses from carrying out payments of bets and prizes in online gambling services which do not have a licence in Norway.”

In March 2017, the NGA imposed orders on Norwegian banks to block transactions to seven account numbers. The EGBA claims that the manner in which the NGA obtained that account information breaches the privacy protection rules of Norwegian citizens, including citizens that do not have any financial relation with online gambling service providers.

“The only place the NGA could have obtained the information about these account numbers is from a database containing data of Norwegian citizens, the Foreign Exchange Register, to which the NGA has no right of access according to Norwegian law,” said the EGBA.

“To obtain the account information the NGA would have scanned and obtained login data of payment details belonging to Norwegians citizens that may or may not be related to online gambling services – and this contravenes Norwegian citizens’ privacy rights as laid down by the European Convention on Human Rights,” the statement read.

Maarten Haijer, secretary general of EGBA, added: “Online data protection and the right to privacy are a major concern to all Norwegian and European citizens and rightly so. As more and more of our information goes online, we must be able to trust that our online data is protected.

“The data protection rules for online gambling companies are very stringent, and these companies are rightly expected and forced to comply with those rules – but the law requires the same from public authorities like the NGA.

“In this case we believe the NGA has made a clear breach of data protection rules which the Norwegian DPI should investigate and take appropriate action if necessary.”