Sky Betting & Gaming has come under scrutiny after unlawfully sharing customer data with advertising companies, leading to a formal reprimand (pdf) by the UK’s Information Commissioner’s Office (ICO). This reprimand stems from the company’s use of advertising cookies that processed users’ personal data without obtaining proper consent, exposing them to personalized marketing campaigns.

The ICO’s action follows an investigation into Bonne Terre Ltd., trading as Sky Betting & Gaming, which was prompted by a complaint from the campaign group Clean Up Gambling. The group raised concerns that the company was mishandling customer data, especially vulnerable individuals, by allowing targeted advertising without their permission.

Investigation Finds Unlawful Use of Data

While the ICO found no evidence to support the allegation that Sky Betting & Gaming deliberately targeted vulnerable gamblers, the investigation revealed a clear breach of data protection rules. Between January and March 2023 in the United Kingdom, the company processed users’ personal information through advertising cookies without their consent. During this seven-week period, customers’ data was shared with third-party advertising technology firms before they had the opportunity to accept or decline the use of cookies.

The ICO emphasized that this is a serious issue, as the misuse of personal data, particularly in sensitive areas like gambling, can have significant consequences. Stephen Bonner, the deputy commissioner of the ICO, cited by The Guardian, explained: “We’ve all seen adverts online that seem designed specifically for us, such as an ad for trainers after signing up to a gym online. Some people may be happy to consent to receive these, but others may not be comfortable receiving similar adverts, especially when it comes to sensitive aspects of our digital activity.”

Bonner stressed that individuals visiting websites related to gambling or health concerns should be able to control whether their personal data is shared with advertisers.

Sky Betting & Gaming Responds

In response to the ICO’s findings, Sky Betting & Gaming acknowledged the error but downplayed its severity. A spokesperson for the company stated: “We regret the accidental technical error which resulted in some customers’ information being incorrectly shared with our digital advertising partners without consent being obtained for a seven-week period at the beginning of 2023. We rectified this error within a day of becoming aware of it.”

The company also welcomed the ICO’s conclusion that there was no deliberate intent to target vulnerable customers, with the spokesperson noting: “We welcome the ICO’s determination that, after an exhaustive 18-month investigation, it found no evidence to support the claims leveled at us by campaign group Clean Up Gambling.”

Broader Concerns Over Cookie Compliance

Sky Betting & Gaming has previously faced regulatory action, including a £1.2 million fine for sending promotional offers to individuals identified as problem gamblers. This recent reprimand comes as part of a broader effort by the ICO to ensure companies comply with rules on how personal information is collected and used online.

The ICO has been focused on improving the transparency of cookie usage across websites. Last year, the regulator reviewed the UK’s top 100 websites, including those operated by Sky Betting & Gaming, and found that more than half were not following proper protocols for advertising cookies.

Sky Betting & Gaming, part of the global gambling giant Flutter, licenses the Sky brand from Sky Group but operates as a separate entity. The betting business was sold to The Stars Group in 2018 before merging with Flutter the following year. Despite its global presence, the company is now facing increased scrutiny over its handling of customer data within the UK.