High Court rules Sky Betting & Gaming unlawfully processed customer data

A High Court judge has ruled Sky Betting & Gaming (SBG) unlawfully processed a customer’s data to deliver direct marketing materials over a historical period.

Justice Rowena Collins Rice handed her ruling down today, 23 January, in which she said the customer had not been able to give full consent to his data being processed.

The case, which was heard last November, concerned a claimant, known as ‘RTM’, and Bonne Terre, trading as SBG.

As per the transcript from the hearing in November, RTM said his claim was being funded by Derek Webb.

RTM and his representatives, legal consultancy AWO, had claimed SBG has misused his data, including third-party cookies on other platforms, to deliver personal and targeted marketing which “fed his compulsive behaviour”.

The claimant is seeking compensation for harm, distress and loss but Justice Collins Rice did not make a ruling on those fronts today, although she is expected to eventually make a decision.

RTM began gambling in 2009 and opened a SBG account in 2010. He took out 13 commercial loans between 2013 and 2016 to fund his habit.

He closed his SBG account in August 2015, before reopening it a few days later. He then shut the account again between June 2016 and April 2017.

However, RTM’s claim relates to a period between early 2017 and either the end of 2018 or start of 2019, when he was using as many as 40 betting sites.

RTM claimed that between May and December 2018, he put £31,923 into his SBG account, averaging monthly losses of £1,793. In August alone, he lost £3,292.

In January 2019, SBG suspended his account, citing safer gambling concerns. He claimed he stopped gambling at the end of 2018.

His claim on the data front was that while SBG was allowed to use his personal data to process bets and comply with regulations, it was “not entitled to harvest his transactional data (specifically by the use of cookies) to undertake detailed profiling analytics and algorithmic predictions in order to target and personalise its marketing to him”.

RTM argued that by obtaining his personal data by cookies and delivering marketing emails directly to him, SBG required his consent beforehand. RTM denies he ever gave the operator consent.

He also alleged that health data, specifically concerning problem gambling with mental health implications, had been processed without consent.

SBG’s responsive position to these claims was that RTM did in fact consent to cookie use and direct marketing.

That consent came in the form of agreeing to web notices regarding cookie use and updated GDPR regulations, which RTM said yes to.

However, the claimant put forth that he was not compos mentis due to his gambling addiction. He also did not recall agreeing to the notices.

“He had not informed himself of the nature and use of cookies to obtain and use raw data for ultimate marketing purposes, and he had not availed himself of the information provided relating to profiling and personalisation processes and purposes. He just wanted to get on and gamble,” the ruling stated.

“First, his consent to the use of cookies for marketing purposes was limited to clicking the buttons he was presented with – the original ‘accept and close’, and the GDPR refresh buttons – without giving his mind to the matter or reading any of the accompanying material.

“Second, not having read the material, he had limited, if any, insight into the system – or the fact – that his online behaviour was being fed into modelling in order to create and enhance direct marketing to him tailored accordingly.

“Judgment is given for the claimant on the issues of obtaining his personal data through the use of cookies for purposes of targeted direct marketing without his operative consent, and of targeted direct marketing to him by email without his operative consent. That is dispositive of the substance of his claim, in his favour.”

However, Justice Collins Rice said the case could not be used to extrapolate to wider industry practices, especially given the sector had made improvements to frameworks in intervening years.

In September, SBG was reprimanded by the Information Commissioner’s Office (ICO) over an “accidental technical error” relating to third-party data, but was not deemed to have targeted at-risk customers.

A spokesman for Sky Betting and Gaming said: “We fundamentally disagree with this judgment and will be considering an appeal.

“Protecting our customers is the number one priority for Sky Betting and Gaming.

“We have made significant changes to our controls and processes over the past six years as part of our ongoing investment behind safer gambling and will continue to do so.”