Shutterstock

The Information Commissioner’s Office (ICO) has taken aim at Sky Betting and Gaming over unlawful data processing practices.

It came off the back of an investigation by the ICO that detailed the operator had processed personal data through advertising cookies without gaining the consent of users

The complaint, which came from campaign group, Clean Up Gambling, was publicised by the Financial Times and Daily Mail.

Clean Up Gambling explained thes importance for the ICO to investigate whether Sky Bet was deliberately using personal data without consent to target vulnerable gamblers – “such profiles include indicators of personal vulnerability and addictive behaviours, which can then be used to target the most vulnerable.”

The ICO investigation found that from 10 January to 3 March 2023, Sky Bet was processing user information and sharing it with advertising technology companies.

Data was captured via advertising cookies that were processed once a user visited Sky Bet websites, where they had no option to consent to accepting or rejecting the cookies.

Nonetheless, the investigation failed to find evidence of deliberate misuse of data; however, it was concluded that Sky Bet had processed personal data through “certain cookies in a way that was not lawful, transparent or fair.” 

Taking action in March 2023, Sky Bet implemented changes to allow users to reject advertising cookies before data sharing.

Stephen Bonner, Deputy Commissioner at the ICO, said: “Our enforcement action against Sky Betting and Gaming is a warning that there will be consequences if organisations breach the law, and people are denied the choice over targeted advertising.

“We are preparing to scrutinise the next 100 most frequented websites, so I urge all organisations to assess their cookie banners now to make sure consent can be freely given before a letter arrives from the regulator.”

The case involving Sky Bet builds part of a broader crackdown on cookie compliance across UK websites, which has seen the ICO take a wide variety of actions against companies. 

A review of the UK’s top 100 most visited websites revealed that 53 had infringed upon cookie compliance duties, whilst 52 had been forced to make changes.

British media, advertisers and publishers have been warned of the ICO’s intentions to undertake a further sweep of websites and data management platforms for potential data protection violations.

The ICO urged that organisations breaching cookie laws will face enforcement, urging companies to review their cookie practices proactively.

Deputy Commissioner Bonner concluded: “We are pleased to see changes being made as a result of our intervention, with 99 of the top 100 websites either already offering a meaningful choice over advertising cookies or making improvements to gain people’s consent.

“These changes mean that people have more agency over how their personal information is used online. Others have started to introduce alternative methods to obtain consent, such as ‘consent or pay’ – a business model we are currently reviewing.”

As detailed in the King’s Speech, the Labour government has pledged to introduce a new ‘Smart Data Bill’’, to balance and harness data processing for economic growth.

The Smart Data Bill will replace the Data Protection and Digital Information (DPDI) Bill, endorsed by the former Conservative government, which failed as the House of Lords stalled its review due to amendments sought by the Department for Work and Pensions (DWP).

Labour plans to enhance the remit of data processing by providing users with three types of legal consent, including for the use of digital verification services and the creation of secure digital identity products.