The UK Information Commissioner’s Office (ICO) has issued a stern reprimand to Sky Betting and Gaming for unlawfully processing users’ personal data through advertising cookies without obtaining proper consent. The breach, which occurred between January 10 and March 3, 2023, involved the automatic placement of cookies on users’ devices as soon as they visited the Sky Bet website, prior to being given the option to accept or reject them. This violation exposed users’ data to advertising technology companies without their explicit consent, though the ICO found no evidence of targeted exploitation of vulnerable individuals.
The ICO’s investigation, spurred by a complaint from the watchdog Clean Up Gambling, uncovered that Sky Betting and Gaming’s practices fell short of lawful transparency and fairness. While corrective measures were taken by March 2023 to allow users to reject cookies before data sharing, the incident underscored the need for stricter adherence to data protection standards. The ICO’s action against Sky Betting and Gaming reflects a broader crackdown on cookie compliance across UK websites, with over half of the top 100 sites initially found to be non-compliant.
Stephen Bonner, Deputy Commissioner at the ICO, emphasized the intrusive nature of advertising cookies and highlighted the need for companies to provide clear and meaningful consent options. He praised the progress made by most websites but warned that non-compliance, such as using manipulative consent tactics, would not be tolerated. The ICO’s focus now shifts to scrutinizing the next 100 most-visited websites, urging organizations to review and update their cookie practices to avoid penalties.
The Sky Betting and Gaming case is part of a global movement towards greater privacy and transparency in digital advertising. As regulations evolve, companies must ensure that consent mechanisms are both visible and user-friendly, making it easy for users to control their data. The upcoming UK guidance on cookies and the “consent or pay” model will further shape how organizations manage user consent and data protection, underscoring the importance of compliance in today’s privacy-centric digital landscape.
