The UK Information Commissioner’s Office (ICO) has reprimanded Bonne Terre Limited, the owner of Sky Betting and Gaming. It says the company unlawfully processed people’s data through advertising cookies without their consent.
The offence occurred between January and March 2023. During that time, visitors had their data captured and shared with advertising technology companies as soon as they visited the Sky Bet website. There was no opportunity for visitors to agree to cookies or the sharing of their data.
The investigation into Bonne Terre took place after a complaint from Clean Up Gambling. While no evidence of deliberate misuse was found, the regulator concluded that “Sky Betting and Gaming was processing personal data through the use of certain cookies in a way that was not lawful, transparent or fair.”
This is not the first time Bonne Terre Limited has been in trouble for misusing customer data. In 2022, the Gambling Commission fined it £1.17 million for sending promotional emails to customers who had opted out of marketing.
Part of a wider crackdown on the use of cookies
This reprimand for Bonne Terre Limited comes as the ICO continues its crackdown on using cookies and abusing personal information. It claims that last year, it reviewed the UK’s top 100 websites and discovered issues with how 53 were using advertising cookies.
After being warned that they face enforcement action, all but one took action to change how they work. The last website, Tattle Life, is not registered with the ICO and is based in Arizona, USA. Its business model is helping individuals monetise their personal data. However, it still gathers data from all visitors, and no consent banner is provided.
According to Stephen Bonner, Deputy Commissioner at the ICO, “I’m pleased to see changes being made as a result of our intervention, with 99 of the top 100 websites either already offering a meaningful choice over advertising cookies or making improvements to gain people’s consent. For example, some have now included a ‘reject all’ button and others have made their ‘accept all’ and ‘reject all’ options equally prominent, meaning it is just as easy to reject cookies as it is to accept them.
“These changes mean that people have more agency over how their personal information is used online. Others have started to introduce alternative methods to obtain consent, such as ‘consent or pay’ – a business model we are currently reviewing.
“Our enforcement action against Sky Betting and Gaming is a warning that there will be consequences if organisations breach the law, and people are denied the choice over targeted advertising. We are preparing to scrutinise the next 100 most frequented websites, so I urge all organisations to assess their cookie banners now to make sure consent can be freely given before a letter arrives from the regulator.”
Enterprise Times: What does this mean?
Websites continue to play fast and loose with personal data from visitors. Even when there are consent banners, many use obfuscating tactics to avoid visitors withdrawing their consent. For example, you click a box that says no to legitimate interest, but when you view the list of advertisers, you discover many are still set to yes.
This level of deceit is hardly surprising. The vast majority of sites rely on advertising, and that means having data to sell on visitors. It is not enough to give numbers of visitors which can be gathered anonymously. Advertisers want to target their advertising and know how many times their ads have been displayed to target audiences.
That puts websites in a difficult position if they want that revenue stream. Many have now taken to limiting access to websites and content if consent is not given. Another approach is to make people pay to have their data withheld. While that is being challenged across Europe with increasing success, the ICO is still investigating that model.
Surprisingly, Bonne Terre Limited was simply given a slap on the wrist. The ICO appears to be reluctant to issue any serious fines for malpractice when it comes to protecting data. It has already stated its position of not fining local or national government agencies for breaches. That has left many wondering what its purpose is.
Enterprise Times policy on cookies and personal information is easy. We capture statistics through Google Analytics, which uses a cookie. Visitors can opt-out when they visit the site without any impact on how they view or interact with the content. As we do not take advertising, we are not interested in capturing personal data.