The EU privacy regulation will force online gambling operators and suppliers to a major change in their internal privacy compliance. Based on my personal experience, privacy compliance has not traditionally been a priority for online gambling operators and suppliers.
This was also due to the fact that operators and suppliers are usually based in countries that adopt a lighter approach to privacy compliance. But this is no longer going to happen with the EU General Data Protection Regulation (GDPR) which will entitle players to bring claims before the authority of their country of residence, rather than the country of establishment of the operator/supplier.
Fines were not frequent and their amount was in any case quite low. This is also going to change since – as covered in this blog post – fines will be increased up to 4% of the global turnover of the breaching entity. And as mentioned above, such fines might be issued also by the data protection authority of the country where players – rather than the company – are based.
One of the main aspects that will be affected for gambling operators and suppliers is that the customization and profiling of the gaming offering and marketing will require the prior express consent that shall be separate from either the consent to the approval of the player agreement or the general consent to the privacy information notice.
Also, freely given and indeed bonuses/incentives awarded for marketing consents have been challenged by the Italian data protection authority in the past.