The ICO has learned that there has been a "large numbers of spam texts linked to the gambling sector", and is therefore clamping down on how companies/affiliates use personal data to promote online gambling.

The ICO has written to 400 companies/affiliates associated with promoted with promoting gambling products to determine how they are using people’s personal data and how they send marketing texts, including the number of texts they have sent and the source from which they obtained people’s details.

The anti-spam investigations manager at the ICO, David Clancy, commented as follows:

“Companies must comply with the law when using people’s personal information. Not knowing the law or trying to pass the buck to another company in the chain is no excuse. The public expects firms to be accountable for how they obtain and use personal data when marketing by phone, email or text. Fail to be accountable and you could be breaking the law, risking ICO enforcement action and the future of your business.”

Currently, if one fails to comply with the Data Protection Act 1998, the ICO has the ability to bring enforcement action, as well as levy fines of up to £500,000. With the implementation of the General Data Protection Regulation (GDPR) in May 2018, non-compliance will be that much more costly, with fines being up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.

The reason for the investigation was that consumers received a large number of texts from affiliate marketers (who are paid by gambling companies to bring in new customers to the platforms). The ICO is clamping down on affiliate marketers, in particular, because neither affiliates nor companies are taking responsibility of ensuring they are processing people’s data fairly and lawfully.

As a result of the ICO clampdown, and the fact that the GDPR is coming into force on 25 May 2018, gambling companies and affiliates need to ensure they are complying with data protection laws.