Much as with an asteroid that remains in deep space and is detected only by the biggest space telescopes, the EU’s General Data Protection Regulation (GDPR) is on a collision course with the gambling sector’s hopes for gaining a 360-degree view of its customers.
A report from Citi published in March this year entitled ‘ePrivacy and data protection’ and which specifically questioned how regulation could alter the path to innovation suggested the introduction of GDPR in May next year would represent “one of the most significant events” in the brief history of data protection.
“The aim of the evolving data protection regulation in Europe is to shift power back to the consumers, and ultimately increase transparency and trust in how companies use consumer data,” the report’s authors wrote. “Best case, consumers become more trusting if they are better educated on how data is used.”
However, the risk is that the actions of the EU will be “too heavy-handed” and will result in a vast reduction in data being shared with companies “particularly in relation to third-party tracking.” Says the report: “The advertising technology (adtech) space and online advertising-funded media rely on the ability to track consumers using third-party trackers (to place value on an ad and for measurement).”
It should be noted here that if UK companies think that Brexit might mean they escape the worst of the GDPR provisions, they should likely reconsider. As the Citi report suggests, any company tracking European customers or offering goods or services within the European Economic Area will have to comply with the requirements of the GDRR. Besides, the likely new Conservative government also has its own ideas when it comes to regulating the internet that make any EU actions in this direction look almost libertarian.
Bad news bears
So, all in all bad news for adtech – but good news for software and cyber security providers. More broadly, though, the move towards a greater understanding of ePrivacy on the part of the consumer will challenge assumptions in the marketing sphere about what they can do with the exponentially increasing flow of data about the customer.
“I think we are at an inflection point where customers start to see the potential harms which arise from the explosion of recording and processing of their personal data,” says Guy Cohen, policy lead at leading regtech and digital identity services provider Privitar.
“In the future we expect to see privacy increasing as a competitive differentiator as customers seek out organisations which adopt privacy protecting business models. This will mean that the winning formula for the future is not whether to innovate with personal data or not, but whether to innovate with personal data in a privacy preserving way or not. The winning business models will be those which can both innovate with data and protect privacy.”
Regulators too will be paying attention to what companies can achieve with big data. While a greater regard for ePrivacy is one major current in the data landscape, a second vital one is the apparently contradictory drive towards greater understanding of KYC and AML processes and legislation.
“Gambling operators are finding their processes under increased scrutiny due to anti-money laundering related enforcement,” says Warren Russell, chief executive at W2 Global Data. “There is also a need for comprehensive reporting tools that can help operators avoid some of the pitfalls inherent in a world where fears over money laundering and terrorist financing are prevalent.”
Again the gambling world would do well to look at the world if financial services where the emphasis since the crash of 2008 has been on greater protection of customer data, with heavy fines applicable should they fail to achieve the appropriate level of compliance. “When new regulation is brought into the online gambling arena, operators will not be able to afford to ignore it,” says Russell. “They will need to invest in customer verification technology to avoid being hit by large fines which will have a financial and reputation impact on them.”
The same is true with GDPR where fines of 4 percent of a company’s global turnover will be levied for those found to have breached basic privacy and data handling law. The regulation replaces – and hugely augments – the previous Data Protection Directive from 1995. The main area of contention is what the regulation means when it comes to consent of use of personal data. According to Citi, the changes involved with regard to cookies “constitute a meaningful tightening of consent requirements.”
To comply with the new requirements, companies will have to demonstrate they have minimised data risks, maintained their internal documentation and have conducted data protection impact assessments. At the very least, it increases the costs for operators, and in terms of their marketing operations, it potentially restricts the degree to which they will be able to push ahead with their plans for further personalisation.
Such is the view of Gene Tradle, the chief executive and founder of blockchain-based KYC startup Tradle. He says that blockchain solutions have the potential to “resolve some of the tensions” that have been highlighted by the advent of GDPR and by other regulatory KYC and AML requirements.
“The 360-degree view will work for a while, but it’s wrong,” he says. “It’s wrong to be tapping into sources they shouldn’t be tapping into.”
He continues: “Digital identity is the most critical enabler for any kind of services in the digital market, especially the regulated industries. But it has to be a solution which is very acceptable to consumers and small business and without the government dominating the creation of those services. The personalisation nirvana will be constrained by what the customer wants.”