A recent investigation has uncovered that numerous gambling websites have been covertly tracking visitors and transmitting their data to Meta, Facebook’s parent company, without obtaining proper consent.

This unauthorised data transfer, which appears to violate data protection laws, allows Meta to categorise individuals as gamblers and target them with advertisements for betting platforms.

The investigation, according to The Guardian and citing data collected by the Observer, tested 150 gambling websites, including online casinos, sports betting platforms, and bingo sites.

Of these, 52 were found to be automatically sending user data to Meta through the Meta Pixel tracking tool before users had the opportunity to consent to or decline data sharing.

This data included details of the web pages visited and actions taken, such as clicking buttons.

Once this information was gathered, users were profiled and subsequently inundated with gambling advertisements across Facebook and other Meta platforms.

The Observer reported that one of its investigators, after visiting gambling websites, received promotional offers from 49 different brands, including free bets, new player bonuses, and high-reward incentives.

Data protection laws require that businesses obtain explicit user consent before collecting or sharing personal data for marketing purposes.

However, the testing revealed that data transfers occurred automatically upon loading the website, bypassing user consent entirely.

Government calls for change (again)

Concerns over these practices have prompted calls for immediate regulatory intervention.

Iain Duncan Smith, chair of the all-party parliamentary group on gambling reform, criticised the apparent legal violations, stating that the use of tracking tools like Meta Pixel without explicit user approval is a clear breach of data protection laws.

He emphasised the need for stricter enforcement, calling the current regulatory framework inadequate in controlling the gambling industry’s marketing tactics.

Privacy experts have also expressed alarm over the findings. Wolfie Christl, a researcher specialising in data privacy, stated that sharing user data with Meta without informed consent demonstrates a blatant disregard for the law.

He added that Meta plays a complicit role in these practices by facilitating unlawful data sharing and failing to enforce compliance with its own terms and conditions.

Meta displays pattern as repeat offender

This is not the first instance in which Meta has been implicated in improper data-sharing practices. In 2022, the company agreed to a $725m settlement in response to a class-action lawsuit regarding data privacy breaches linked to Cambridge Analytica.

The lawsuit, which originated in 2018, was filed after it was revealed that Facebook had allowed third-party applications to access personal user data without explicit permission.

The Cambridge Analytica scandal involved a personality quiz app, thisisyourdigitallife, created by a Cambridge University researcher. The app harvested the personal data of users and their Facebook friends without authorisation, resulting in a dataset of 87 million profiles.

The data was later used for political profiling and targeted advertising, sparking widespread criticism and regulatory scrutiny.

In response to these issues, Meta implemented measures aimed at restricting third-party access to user information. It introduced a tool known as Off-Facebook Activity, which allows users to review and clear data shared with Meta by other websites.

Despite these efforts, the latest revelations suggest that significant gaps remain in Meta’s enforcement of privacy policies.

Better oversight needed

The UK’s Information Commissioner’s Office (ICO) has been investigating gambling-related data practices.

In September, the ICO issued a reprimand to Sky Betting & Gaming for violating advertising cookie regulations by collecting and using data without user consent.

The company attributed the issue to a technical error and stated that it had been resolved.

In a separate case, Sky Betting & Gaming was found to have unlawfully processed a problem gambler’s data, sending over 1,300 marketing emails despite their compulsive gambling behaviour and impairing their ability to provide meaningful consent.

The High Court ruled that the company’s actions violated data protection laws, though Sky Betting & Gaming has indicated that it is considering an appeal.

The UK Gambling Commission has introduced measures to prohibit “cross-selling,” a practice in which companies promote additional services to existing customers.

However, no current regulations prevent gambling companies from using profiling by third-party platforms such as Meta to target potential new users.

The latest findings have intensified demands for regulatory bodies to take stronger action against data privacy violations in the gambling industry. Critics argue that Meta’s role in facilitating unlawful data-sharing must be scrutinised further, given its repeated involvement in privacy scandals.

Share