The Information Commissioner's Office (ICO) has issued a reprimand to Bonne Terre Limited (t/a Sky Betting and Gaming) for unlawfully processing website visitors’ data. It was found that the collection of users’ personal information on the SkyBet website for marketing purposes, via third party tracking technologies, commenced before users had given their consent and was therefore in breach of the UK GDPR.
Following a complaint by the campaign group Clean Up Gambling, it was found that between 10 January and 3 March 2023, Sky Betting and Gaming had deployed cookies on their SkyBet website which processed visitors’ personal data as soon as the user accessed the website and before the user had the opportunity to accept or reject the relevant cookies. As a result, the visitor's personal information may have been shared with third party advertisers and used to target them with personalised adverts without their consent or knowledge.
Over the last year the ICO has focussed on cookie usage by the top 100 websites in the UK. Following a review in November 2023 the ICO wrote to 53 of these websites warning that unless they made changes to their method of obtaining consent for advertising cookie that they would face enforcement action. The websites that the ICO contacted were found to not be giving visitors the ability to choose if they consent to the use of tracking cookies for personalised advertising, specifically ensuring that it is clear how to 'reject all' these tracking cookies if the visitor wished. The ICO have confirmed that 52 out of the 53 websites contacted have made the changes requested and are now in line with the regulations.
The ICO have further confirmed that they intend to continue reviewing websites to ensure they are compliant with the regulations. UK GDPR and the Privacy and Electronic Communications Regulations 2003 together set out the regulations which companies must comply with in relation to cookie use and the processing of personal data. Under these regulations a website must tell its visitors if cookies are used, what cookies are used and why. Furthermore, a visitor’s consent must be actively and clearly given especially in the case of tracking cookies used for personalised advertising. In practice this is usually obtained by way of a cookie banner on a website with an accept/ reject option. For any website it is crucial that their cookie policy and method of providing consent is clear and adheres to the regulations to avoid any potential enforcement action by the ICO.
Stephen Bonner, Deputy Commissioner of the ICO said in a statement:
“We’ve all seen adverts online that seem designed specifically for us, such as an ad for trainers after signing up to a gym online. Some people may be happy to consent to receive these, but others may not be comfortable receiving similar adverts, especially when it comes to sensitive aspects of our digital activity. For example, if you are visiting a gambling website or looking up concerning health symptoms, you may want to prevent this personal information being shared with advertisers.[…] Our enforcement action against Sky Betting and Gaming is a warning that there will be consequences if organisations breach the law, and people are denied the choice over targeted advertising. We are preparing to scrutinise the next 100 most frequented websites, so I urge all organisations to assess their cookie banners now to make sure consent can be freely given before a letter arrives from the regulator.”
If you would like any further information or have any queries on the content of this article, please contact David Varney or another member of our Technology team