Simon Davies, founder of Privacy International, has blasted the online gaming industry for inadequately protecting gamblers' privacy and failing to adhere to basic principles of data protection.
In many cases, the companies hide behind the weaker laws offered by offshore tax havens, including Gibraltar, Malta, Jersey, the Isle of Man, Antigua and Barbuda, and Guernsey, rather than adhering to higher European Union standards, he claims.
"This flourishing economic sector swims in an ocean of institutional illegality that places tens of millions of its customers at risk," wrote Davies in a post on his new blog.
After examining the industry for more than two years, Davies described the "malpractice" that is rife in the sector as the worst he has seen in any licensed industry.
"There is a handful of online operators who, to some extent, make an effort at fairness and compliance. There are also examples of regulators who have attempted to do their job. By and large, though, the online gambling industry operates its personal information practices in lawless territory," wrote Davies.
He added: "The rights and protections that we should enjoy are being flouted by an industry that uses its unique economic positioning to confound regulators and induce small jurisdictions into submission."
Globally, the online gambling industry enjoys an estimated revenue of $135bn (£85bn). Some four per cent of adults in the UK are estimated to bet online every year.
The problem, from a data protection point of view, says Davies, is that sites collect huge amounts of sensitive data about their users. "It is routine for sites to demand passport and credit card scans, drivers' licences, utility bills and other personal documents. All the available evidence indicates that this information is stored permanently," wrote Davies.
As a rule, however, companies do not delete this data when it is no longer required – contrary to the third and fifth principles of the Data Protection Act – preferring to keep it stored in case the gambler returns. "It is extremely difficult to close an online gambling account and, in my experience, impossible to have your data deleted."
However, when Davies filed a complaint with the Information Commissioner's Office (ICO) in the UK, the file was closed after three months. It claimed that the matter was not important and that the complaint did not warrant further action.
[Turn to next page]
This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy