Five states already have approved comprehensive online privacy laws which could become a speed bump slowing the expansion of sports betting and internet gambling across the United States.
Privacy laws enable consumers to obtain and edit their personal data and, in some cases, block the processing of such information for advertising.
On June 28, 2018, California became the first state to pass a comprehensive online privacy law, which became effective on January 1, 2020.
Coincidentally or not, the U.S. Supreme Court overturned a federal sports-betting ban on May 14, 2018.
Connecticut became the latest state to enact online privacy legislation on May 10, following similar actions in 2021 by Virginia, Utah and Colorado.
This trend seems almost certain to continue in many other states.
“Gaming, I think, faces some specific challenges because of the volume of personally identifiable information collected [and] the nature of some kinds of information that is important to the business such as geolocation,” said David Opderbeck, a law professor at Seton Hall University in Newark, New Jersey.
Privacy laws may have a greater impact on online sports betting, which continues to expand rapidly across the United States while internet gaming remains in a lull.
Restrictions regarding data for in-play betting have become an ongoing debate as athletes and their unions dicker with leagues about the type and amount of statistics that should be available for marketing.
“Things will be much messier, I think, if the law doesn’t provide guidance about the boundaries of any property-like rights the players, teams or leagues have in these in-game infometrics,” Opderbeck said.
The state-by-state approach on personally identifiable information in the United States contrasts starkly with the European Union, which has adopted a more comprehensive framework through the General Data Protection Regulation (GDPR), which also became effective in 2018.
“The European view is that the privacy of personally identifiable information is connected with human rights, and that at least some aspects of privacy are therefore inalienable or should be difficult to disclaim even in relation to other private parties such as businesses,” Opderbeck said.
“The American view is that personally identifiable information is not at the center of whatever human [or] constitutional rights to privacy an individual might have.”
The relationship between a consumer and a private commercial entity in the United States is almost always based on a contract, according to Opderbeck.
“And the contracts we agree to — the terms of service of social media sites and the like — tend to give control over personally identifiable information to the commercial entity,” he said.
During the first 16 days of mobile sports betting in New York, gamblers wagered more than $1.1bn, according to a March 4 article in the New York Law Journal by Sharon Klein and Jennifer Daniels of Blank Rome law firm.
“If you look at the website privacy policies for the online betting brands, you will see that they broadly collect personal information,” Daniels told VIXIO GamblingCompliance.
“They process and share that personal information for a variety of purposes and combine personal information from online betting sites with information collected from casinos and other sources.”
The New York legislature adjourned last week without passing a comprehensive online privacy measure known as the New York Privacy Act.
So far, it does not seem like sports-betting operators consider the online privacy laws in the United States to be onerous.
“We already comply with the California Consumer Privacy Act (CCPA), which is specifically included in the [DraftKings privacy] policy,” said Jared Hess, director of public affairs and communications for DraftKings.
The section on California also says DraftKings “will not discriminate against California customers for exercising their rights under the CCPA.”
GeoComply, a company used by sportsbooks and online casinos to detect fraud and verify the digital identity and location of customers, considers online privacy laws to be key components in providing a future “of digital trust,” according to spokeswoman Aubrey Smethurst.
“We go to great lengths to work with our operators, regulators and service providers to ensure that we are able to continue to provide our anti-fraud and regulatory compliance focused products and services in accordance with applicable privacy laws,” Smethurst said.
Opderbeck, the Seton Hall professor, said perfect compliance with online privacy laws is “probably impossible.”
“There’s a bit of ‘feel’ involved here in what the different state regulators are really most concerned about and what they are likely to perceive as a good faith effort to comply,” he said.
Although he thinks a federal online privacy bill could draw broad support, Opderbeck said he is not optimistic Congress will pass such a measure.
“I don’t know if partisan politics will allow anything like this to happen in the near future,” he said.