Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

Taking a gamble on customer data

07 Dec 2015 United Kingdom 7 min read

This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.

Data is intrinsic to any gambling business – from collecting and monetising it to storing and protecting it, data is a valuable and business critical asset. With data frequently touted as ‘the new oil’, the stakes for getting it right (or wrong) have never been higher. In a series of articles over the coming weeks, Olswang will explore various hot topics relating to data in the gambling sector, including data and cyber security, marketing rules, ‘big data’ and the impact of the new General Data Protection Regulation. If you would like to speak to anyone in relation to any of the topics covered in this series, please contact Anna Soilleux.

Marketing in the gambling sector and how to stay compliant

In recent years, compliance with the laws relating to spam has been regarded by many in the gambling sector as a low-risk issue. Currently the fines under national law are capped at a relatively modest £500,000 and the Information Commissioner’s Office is often perceived as the meek and mild younger cousin of the Gambling Commission. But now that the ICO is teaming up with other regulators, trade associations and industry groups to target spam – and most worryingly for the gambling sector, that includes the Gambling Commission – not to mention the looming threat of fines up to 5% of global turnover being introduced under the new General Data Protection Regulation, that risk assessment needs to be re-evaluated.

In the first in our series of articles exploring data in the gambling sector, we examine the rules and risks relating to spam, and how operators can stay compliant.

Summary:

  • Unless a narrow exception known as the “soft opt-in” applies, you must have consent before sending any marketing by email or SMS.
  • The ICO monitors compliance with the regulations, and currently has the power to issue fines of up to £500,000 for any breach. Last month, it issued a £200,000 fine to a company for sending unsolicited marketing by SMS.
  • The ICO has seen a significant increase in the number of complaints about unsolicited text messages sent by, or on behalf of, gambling organisations. It has put together a taskforce of bodies – including the Gambling Commission – to tackle the issue.
  • The Gambling Commission can take its own enforcement action against licensees who are not compliant with the marketing rules and regulations. If licensed operators were found to be in serious or repeated breach of the relevant rules, the Gambling Commission may consider reviewing their suitability to hold a licence.
  • Many complaints brought against operators about spam frequently arise because of the activities of marketing affiliates. Gambling operators are directly responsible for the actions of their marketing affiliates so it is important that adequate safeguards are in place to ensure the activities of affiliates are compliant.
  • See our top tips for compliance below.

How are marketing emails and texts regulated?

The sending of marketing emails and texts is governed by the Privacy and Electronic Communications Regulations (PECR). The PECR stipulate that such marketing messages cannot be sent without consent. The narrow exception is the so-called ‘soft opt-in’ where the sender has an existing relationship with the recipient and the messages are promoting similar products or services.

ICO focus on nuisance calls and spam SMS

Spam texts and nuisance calls have been high on the ICO’s agenda for several years, leading them to launch Operation Linden. Operation Linden is a taskforce of various bodies – including the Gambling Commission – who share intelligence, discuss sector-specific issues and identify enforcement opportunities.

The ICO produces a regular update of its work in this area across all sectors, which is available here. Organisations that are being monitored by the ICO are named and shamed and the statistics have consistently showed that marketing texts from the gambling sector are among the most complained about. As a result, the gambling industry is likely to remain fixed on the ICO’s radar for some time to come.

Gambling Commission enforcement

As part of Operation Linden, the ICO and the Gambling Commission have recently signed a Memorandum of Understanding to support the joint working and sharing of intelligence in relation to spam.

The Gambling Commission has the power to bring its own enforcement action against companies for sending spam, as this practice may constitute a breach of the Licence Conditions and Codes of Practice.

Operators are also obliged to report any action or investigation by the ICO or Advertising Standards Authority (ASA) – such as in the recent case of All British Casino – to the Gambling Commission. Operators therefore need to be aware that the sending of spam could have long-term implications for their businesses.

The use of marketing affiliates

The use of affiliates is commonplace in the gambling sector, but this means that operators are often one step removed from the marketing that has been sent, and monitoring affiliates’ compliance with the marketing regulations can be expensive and time-consuming. However, the LCCP make operators directly responsible for the actions of their marketing affiliates.

In the recent All British Casino case, the ruling was made against the operator directly, despite the email in question being sent by an affiliate. Operators should therefore be aware that their contracts with marketing affiliates can be subject to scrutiny by the Gambling Commission, and that they will be directly responsible for any non-compliant behaviour by their affiliates.

What can gambling operators do to stay compliant?

Here is a summary of Olswang’s top tips for staying compliant:

  • Ensure that all marketing messages include the name and address of the sender.
  • Ensure that recipients have consented to receiving marketing messages of this type, or that the conditions for relying on the ‘soft opt-in’ are satisfied.
  • Take steps to ensure that adequate consent from individuals has been obtained when buying-in or renting marketing lists, and that this is sufficiently recent.
  • Allow recipients of marketing messages to reply directly to the message in order to opt-out, or, in the case of SMS, provide a clear and operational short code which they can use to do so.
  • If a recipient objects to or opts-out of your marketing, add them to a ‘do not contact’ or suppression list and do not send any further messages. Cross-check any future marketing lists against this list.
  • Ensure that contracts with marketing affiliates clearly set out the requirements for compliance with the spam rules, and the consequences of failing to do so.
  • Ensure other appropriate safeguards are in place to ensure marketing affiliates’ practices are compliant.
  • Follow up on any complaints in relation to the sending of spam by marketing affiliates, and take appropriate action with the relevant affiliate.
More insights
Gambling Cyber TMT - Technology, Media & Telecommunications Data Protection & Freedom of Information Technology Commercial

Explore more

Event United Kingdom

CMS Update Morning: Media, Sports and Entertainment

29 Apr 2026
Publication United Kingdom

Gambling Law Reform Tracker

02 Feb 2026 11 min read
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.