On 10 June, the European Gaming and Betting Association (“EGBA”) published its code of conduct for online gambling operators on the subject of processing personal data, becoming one of the first organisations of its kind to put forward a sector-specific self-regulatory regime to support compliance with the EU General Data Protection Regulation 2016/679 (“GDPR”).

Who are the European Gaming and Betting Association?

The EGBA is the industry organisation representing leading online gaming and betting operators that are established, licensed and regulated within the EU. Formerly known as the European Betting Association, EGBA predominantly works alongside national authorities and other stakeholders to regulate the sector and uphold standards on responsible gaming.

EGBA does not represent all online gaming and betting operators in the EU. However, membership is interpreted as a form of ‘gold-standard’ across the industry. Members are required to comply with EGBA’s general standards, including requirements to prevent underage gaming, to ensure prompt and accurate customer payments and to promote ethical and responsible marketing.

EGBA’s Code of Conduct on Data Protection in Online Gambling

The code will seek to ensure that EGBA members (and non-members who sign up to the code) implement best practice policies on the processing of personal data.

For example, the code sets out the rules on how customers should be able to transfer their personal data from company to company efficiently and securely (understanding that many gambling customers tend to surf different gaming sites and hold betting deposits with multiple operators).

The code specifies certain information that should be contained in a company’s privacy policy; for example, making a customer aware that their personal data may be processed for anti-money laundering purposes. Additionally, it sets out the possible exceptions to the GDPR’s principle of ‘transparency’ (taking into account certain sector-specific situations including processing information where disclosure would affect an ongoing investigation, for example in relation to match-fixing or other sports integrity issues).

The code is now subject to formal approval by the relevant supervisory authority (the Office of the Information and Data Protection Commissioner in Malta) to ensure its full compliance with the GDPR.

Closing comment

By introducing the code, EGBA has reiterated the importance of its function whilst perhaps also increasing the perception of a regulatory gap between members and non-members. The decision to implement such a policy also appears to demonstrate a further willingness on the part of EGBA to prioritise the needs of gambling customers.