In the absence of harmonisation at the EU level, Member States are in principle free to set their own policy objectives on betting and gaming activities in accordance with their own scale of values, which varies between Member States. In doing so, however, Member States must make sure that the framework in which gambling services operate can be justified by at least one of the two main pillars of the regulatory framework of the gambling sector: (i) public policy, public security or public health (as provided by virtue of Article 62 TFEU in conjunction with Article 52 TFEU); and (ii) overriding reasons in the public interest as established by the CJEU case-law, e.g. the objectives of consumer protection, prevention of gambling addiction and of the incitement to squander money on gambling, and combating fraud and crime. Where Member States wish to rely on the public interest objectives that they seek to protect, they must satisfy the principles of proportionality, suitability and necessity, and demonstrate that the public interest objectives are being pursued consistently and systematically.[1]
Consumer protection, the safeguarding of players and their health, and the prevention of problem gambling are the main public interest objectives of Member States when regulating their national gambling frameworks.[2] To that end, Member States' policies are driven by the principle of a high level of consumer protection, aiming to detect the warning signs of problem gambling, identify alterations in players' activities and prevent minors from being harmed or exploited by gambling. To give effect to that policy, gambling operators have to take a preventive approach. Some of the concrete measures that Member States can require gambling operators to adhere to include:
- setting up a registration process which ensures verification and identification of the individual and enables tracking of players' behavior;
- introducing procedures to verify player accounts;
- monitoring players' activities so as to discover disconcerting changes in gambling behavior, which may lead the operator to direct the player to take a time out or to exclude the player from gambling activities;
- putting in place measures designed to prevent minors from gambling, including age verification checks during the registration process.
Particularly in online gambling, recent technological advancements have enabled gambling operators to perform technology-driven monitoring of players' gambling activities. The collection of players' personal data allows gambling operators to find out how much time players spend playing, how much money they stake and how they perform during the game. For lotteries and other gambling service providers, these behavioural data make it possible to foresee players' future behavior and identify the behavioral patterns of problematic gamblers. Hence, they may serve as a useful tool to identify and react in real time to risky behavioral patterns associated with problem gambling. By monitoring how an individual player interacts with a game, gambling operators are able to provide remedies and mitigate players' hazardous behaviors. However, this is a sensitive and delicate matter where serious privacy questions come into the picture.
Responsible gaming framework
The development of online gambling services gives rise to gambling addiction considerations. The need for consumer protection, including the protection of minors and problematic gamblers, requires casinos and betting service providers to put in place adequate prevention and detection measures. These may take the form of the following safeguards: e-identification, time and financial limit-setting possibilities for the player, preventing self-excluded gamblers from accessing gambling premises, and reality and credit checks of the financial situation of regular players.
As regards limit-setting, (technical) safeguards should be put in place to ensure that players have the possibility to set monetary deposit limits on their accounts and that their requests are dealt with immediately. Moreover, at the national level, many Member States (e.g. Austria, Belgium, France, Malta, the Netherlands, Portugal, Slovenia, and the United Kingdom) have already adopted self-exclusion programs. In land-based casinos, video surveillance based on facial recognition is used to check the identity of voluntarily self-excluded players and to deny them access to the casinos' premises. In the context of online gambling, the player should at any time be able to activate a time out or self-exclude from a specific game available on the operator's website. In many jurisdictions, self-excluded gamblers who have volunteered to be registered on banned persons lists are placed on national databases or registries of self-excluded players.
2. Credit checks
Some States require casinos to carry out credit checks on players. By monitoring visit frequency, gambling intensity and the amount of money staked, gambling operators are able to identify individuals who are potentially at risk of gambling addiction. If the frequency and intensity of an individual's participation in the game potentially pose a risk to the player's minimum subsistence income, the casino operator must carry out credit checks.[3] If an individual continues to participate frequently and intensely in the game despite not having sufficient financial means for gambling activities, the casino management is obliged by law to ban that individual temporarily or permanently from entering casino premises.
3. Responsible advertising
Monitoring customers' online behavior allows operators to collect data in order to analyse and predict players' personal preferences, attitudes and behavioural patterns of performance during the game. Such data may further be used to provide more personalized services and advertisements to current players based on the player's previous behaviour.
Although Directive 2005/29/EC on Unfair Commercial Practices ("UCPD")[4] is without prejudice to authorization regimes such as the rules related to gambling activities, advertising and marketing of gambling services fall within its scope. It has to be mentioned that the "New Deal for Consumers"[5] recently released by the European Commission, which foresees amending the UCPD, applies to practices that may include certain forms of advertising of gambling services. The new Article 12a of the UCPD provides consumers with additional individual remedies when they are harmed by misleading and aggressive commercial practices, e.g. aggressive marketing.
Public order is the second pillar of the EU regulatory framework of the gambling sector, with prevention of money laundering and fraud being one of the main public order objectives. The possible types of fraudulent behavior in the gambling sector vary from misuse of personal data in the form of identity theft and unauthorized use of credit cards to cyber-attacks against gambling operators' infrastructure. As for money laundering, the entry into force of Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing ("4th AMLD")[6] as of 26 June 2017 promised to strengthen the existing rules on money laundering prevention and to make the fight against money laundering and terrorism financing more effective.
As enforcement of these safeguards against money laundering and malpractice applies to all types of gambling[7], including online gambling, gambling operators are obliged to audit, verify and perform fully-fledged identity checks on their customers and their transactions. Concretely, as regards the implications of the 4th AMLD for European gambling operators, the measures laid down in Article 13 require obliged entities to perform customer due diligence ("CDD"), including:
- performing verification checks of the consumers;
- having in place appropriate measures to determine whether the customer or the beneficial owner of the customer is a politically exposed person; and, in such cases:
- taking adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with such persons;
- conducting ongoing monitoring of those business relationships.
Compliance with both the objectives of consumer protection and the objectives of public order – be that in the form of the prevention of fraud and money laundering or intervention should any suspicious online gambling activity appear – requires extensive monitoring of players' activities. That would inevitably result in collecting and processing a vast amount of players' personal data (e.g. name, address, contact details or IP address), including sensitive personal data such as health and biometric data. This gives rise to questions on compliance with the General Data Protection Regulation ("GDPR").[8] The new data protection rules, which will become fully applicable as of 25 May 2018, are expected to have a substantial impact on the way in which companies handle the personal data of their data subjects and will certainly bring about new challenges to the protection of individuals' privacy in the gambling industry across all sectors: sports betting, lotteries, casinos, and gaming and betting transactions provided by electronic means. Although the intersection between the GDPR and the 4th AMLD will largely depend on the national transposition measures Member States undertake, the potential bones of contention between the two acts include data subjects' rights to information and access to their personal data. Under the GDPR, most gambling operators are likely to act as data controllers in regard to their customers' data. As a consequence, they will be subject to certain obligations to ensure that data subjects' personal data are processed in a lawful, fair and transparent manner. Hence, gambling operators will inevitably face the challenge of how to ensure co-existence between, on the one hand, the objectives of consumer protection and public order and, on the other, GDPR compliance. This challenge must be taken up by the gambling regulators in a discussion with the Financial Intelligence Units and the Data Protection Authorities.
[1] Cases C-186/11 and C-209/11 Stanleybet International, C-316/07 Stoss & Others and case-law cited therein.
[2] As provided in Commission Recommendation of 14 July 2014 on principles for the protection of consumers and players of online gambling services and for the prevention of minors from gambling online, 2014/478/EU, OJ L 214, 19.7.2014, p. 38–46. However, the recommendation does not bind the Member States.
[3] Article 25 (3) of the Austrian Gambling Act (Glücksspielgesetz).
[4] Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market, OJ L 149, 11.6.2005, p. 22–39.
[5] Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee, A New Deal for Consumers COM/2018/0183.
[6] Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, OJ L 141, 5.6.2015, p. 73–117.
[7] The scope of the 4th AMLD applies to 'providers of gambling services' (Article 2(1)(f) AMLD4), thereby the implementation of money-laundering procedures is expanded to inter alia bookmakers and online gambling websites.
[8] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.