Affiliate Compliance
Preparing For GDPR As An Affiliate
Data collection has become an essential part of the operations of most organisations, especially those operating online. While it is effective, it has also given rise to a number of concerns about how that data can be misused or become the target of theft.
The GDPR is a new legislative agenda that aims to improve the safety of individuals’ data, as well as regulate how that data is collected, processed and used.
As of the 25th of May, businesses of all shapes and sizes will need to ensure that they are fully compliant with this new legislation if they serve customers (have traffic) originating from the EU – and affiliates are no exception.
The purpose of affiliate sites is to drive traffic to merchants and operators in order to earn a commission. The more savvy affiliates will collect data in numerous ways in order to remarket to their users, or at least to understand their users better, improve the customer journey and, in turn, conversion rates.
The data collected on those users most likely falls within the scope of GDPR, and with heavy penalties of up to €20,000,000, or 4% of annual turnover, it isn’t just another ‘inconvenience’ that should be ignored.
How to Ensure Compliance
Understand what Personal Information is
Personal information includes obvious data such as name, email address and phone number. Many affiliates won’t collect this kind of data, unless they at least have a newsletter subscription form on their website. However, it’s likely that all affiliates have some kind of website tracking/analytics software installed on their website.
Under GDPR’s definition of personal data, it includes “any information relating to an identified or identifiable natural person”.
It then continues to explain that “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Note the use of the terms “identification number”, “location data” and “online identifier”. Under GDPR, collection of IP addresses and the storing of cookies could be deemed to be deserving of consent from the individual prior to collection, if that data could be used to identify them. Note also, that it doesn’t necessarily mean personally identifying them – if cookies are being used to create a ‘profile’ on an individual, which is being processed on subsequent visits or across websites, then that is deemed as identifying them.
Obtain Consent
The key to the GDPR’s vision is the role of consent. Consent must be obtained from all individuals prior to collecting data on them that could be used to identify them “directly, or indirectly”, and they must be given an explanation of the purpose for processing that data.
Consent must be “clear and distinguishable from other matters” and “provided in an intelligible and easily accessible form”. This means that it can no longer be hidden away in the midst of a website’s T&Cs, and in fact it must be entirely separate and written in clear and plain language.
The request for consent can be included in a Privacy Policy, however, a timestamp of when consent was given, as well as details of what the individual was consenting to (i.e. version of privacy policy), must be recorded for audit purposes. Therefore, an “opt-in” style checkbox or similar must be presented to users before any data collection can commence. Furthermore, pre-ticked boxes or “opt-out” options are no longer permitted, and as a minimum, a link to the full request for consent (privacy policy) must be presented.
All affiliates should review their privacy policies (or create one if they don’t already have one), and ensure it complies with GDPR. The request for consent must explain what data is being collected, why it’s being collected, how it will be used, and how long it will be kept for.
If affiliates’ privacy policies and “opt-in” practices don’t satisfy the conditions of GDPR, then reconfirmation or re-permission must be obtained.
Users should also have the ability to easily opt-out or close their account with immediate effect if they no longer wish to be subscribed or for their data to be used. It must be “as easy to withdraw consent as it is to give it”.
What does this mean for cookies, and website analytics software?
If the cookies set by your analytics software are collecting data that will be used across websites (i.e. for advertising), then you must obtain consent from users before using it. The standard Google Analytics code doesn’t have Advertising Features turned on, and so technically it doesn’t even fall under the ‘Cookie Law’.
Affiliates should limit the features and data they collect to an absolute minimum. E.g. if they don’t need or use demographic reports in Google Analytics, then they should disable Advertising Features. Relying on consent should be avoided wherever possible.
Provide Access to Data
Individuals will have the right to request a copy of the data held on them under GDPR. Requests must be fulfilled within 1 month, and the data supplied free of charge, in an easily accessible, understandable, and electronic format. They also have the right to correct or amend any information they see as inaccurate.
Affiliates should therefore prepare for the eventuality that one of their users exercises such a request.
Right To Be Forgotten
Individuals will also have the power to request that any information held on them be deleted. This will most certainly include personally identifiable data held in affiliates’ databases and 3rd party tools, but will also include any data which is ‘linked’ to affiliates’ systems. For example, Google Analytics has a feature allowing the linking of User IDs and tracking cookies. The purpose is to track users across devices, and count them as the same user, rather than 2 or more unique users. Google have announced a tool which allows deletion of any data linked to such User IDs.
Improve Security
Security should have been a top priority anyway, even before GDPR was on the horizon. Nevertheless, affiliates should review their website security and ask themselves what they are doing to prevent a breach, as well as the ways in which data could be stolen/abused in the event of a breach. Historically only passwords were encrypted, however there is now more of a case than ever to encrypt other data too.
Notify Breaches
If an affiliate is unfortunate enough to suffer a breach, they will need to make the appropriate Data Protection Authority (DPA) aware of it. All organisations have 72 hours to report the breach, and organisations acting as data processors will be required to notify their customers (data controllers).
Appoint a Data Protection Officer
A DPO will only be required if your organisation handles a large volume of data, or is involved in monitoring this data on a large scale. In most cases this doesn’t apply to affiliates, however, they will still need to act responsibly, review their internal record keeping, and ensure that consent and data collected is auditable.
Be Paranoid about Privacy
Under the GDPR, failure to implement adequate precautions when it comes to data protection and privacy will result in the most serious penalties it has to offer. And this doesn’t only relate to online privacy.
Affiliates should review the existing safeguards they have in place to prevent data getting into the wrong hands, both online and offline i.e. in their home office or work premises. Staff should be restricted to accessing information that is absolutely critical to their role and thought should be given to what physical data would be at risk in the event of a physical break-in.
This article contains general information for affiliates to make their own informed decisions about the upcoming GDPR. You must not rely on the information in this article as an alternative to professional legal advice. The article has been contributed by Pavlos Sideris of Cashbacker – the leading gambling cashback community.
Rightlander and RavenTrack Partner to Boost Affiliate Marketing Compliance and Advertising Opportunities
Leading iGaming compliance and tracking platforms unite to bolster affiliate marketing integrity.
Rightlander, a leading provider of marketing compliance and intelligence solutions, has announced a strategic partnership with RavenTrack, a prominent affiliate tracking platform. This collaboration aims to enhance marketing compliance and risk management for RavenTrack clients and help identify untapped advertising opportunities with affiliates across global markets.
The partnership will offer access to Rightlander’s comprehensive suite of innovative marketing compliance solutions, including web, search, and social media monitoring to track affiliate promotional activities, content compliance scanning to ensure adherence to regulatory requirements and monitoring services.
RavenTrack’s diverse client base spans established and emerging markets, and this partnership addresses the growing need for robust compliance measures in regions with evolving regulatory landscapes.
Sarafina Wolde Gabriel, CEO of Rightlander, commented on the partnership: “We’re excited to partner with RavenTrack to offer our cutting-edge compliance and marketing solutions to their global client base. As marketing regulations tighten in established and emerging markets, our tools will help brands and affiliates navigate the complex landscape of marketing compliance and capitalise on advertising opportunities.”
RavenTrack is a leading affiliate tracking platform specialising in providing advanced tracking and analytics solutions to help brands optimise their affiliate marketing programs. Its client base includes prominent brands such as Jumpman Gaming, Betfred, Bet9ja, and Mr. Q, to name a few.
Adam Rowley, RavenTrack’s Managing Director, expressed enthusiasm about the partnership: “At RavenTrack, we understand the critical importance of marketing compliance. Our collaboration with Rightlander represents a significant step forward in our mission to provide our clients with robust, innovative and effective tools for managing their affiliate programs.”
“By integrating Rightlander’s advanced compliance solutions with our cutting-edge tracking platform, we’re empowering our clients to navigate the complex regulatory landscape with confidence while maximising their marketing potential.”
This partnership represents a significant step forward in promoting responsible and compliant marketing practices in the rapidly evolving affiliate marketing industry. By combining RavenTrack’s expertise in affiliate tracking with Rightlander’s advanced compliance tools, the collaboration aims to set new standards for transparency and regulatory adherence in the sector.
Responsible Gambling Affiliate Association Announces Appointment of George Rover as Executive Director
The Responsible Gambling Affiliate Association, the industry trade coalition that advocates for reasonable regulation, responsible advertising, and consumer protection, has appointed George Rover as its first Executive Director to lead the organization. Comprising six major players in the US online gambling affiliate sector, the Association includes Better Collective, Catena Media, FairPlay Sports Media, Gambling.com Group, Spotlight Sports Group, and XLMedia PLC.
As Executive Director, Rover will be responsible for executing the RGAA’s long-term mission to safeguard responsible gambling marketing and advertising practices. His duties as Executive Director will be pivotal in shaping the future of responsible affiliate practices, advocating the needs and interests of the Group’s members, promoting sensible regulation, fostering collaboration with industry stakeholders, and advocating for the highest standards of integrity.
“In the spirit of collaboration – whether it be with state regulators, politicians, legislators or online gambling operators, I look forward to working with key stakeholders and will champion the critical role affiliate companies play in the regulated online gambling ecosystem,” said Rover. “The formation of the RGAA will provide this essential segment of the industry with an important and constructive voice to promote responsible gambling, prioritizing the best interests of consumers through a unified set of high standards and guidelines to achieve long-term success.”
Prior to joining the RGAA, Rover held numerous senior positions with the New Jersey Department of Law and Public Safety, Office of the Attorney General and the New Jersey Division of Gaming Enforcement (NJDGE). At the NJDGE, Rover oversaw the agency’s Service Industry Licensing, Casino Prosecutions, Internet Gaming and Technical Services Bureaus. During his tenure, he directed the successful launch of Internet Gaming in New Jersey and supervised some of the NJDGE’s most complex licensing and organized crime investigations and prosecutions.
After his retirement from government service, Rover also worked closely with the industry’s leading gaming companies to form the Sports Wagering Integrity Monitoring Association (SWIMA), a national non-profit organization with the mission to detect and discourage fraud and other illegal activity related to betting on sporting events. In addition to his role with the RGAA, Rover will continue to support companies in the gaming industry through his strategic gaming advisory company, Princeton Global Strategies.
“We are thrilled to welcome George Rover to the RGAA family,” said Katie McCord, Chair of the Responsible Gambling Affiliate Association. “His unparalleled expertise, spanning decades in casino and sports betting law, will undoubtedly elevate our organization. George’s substantial contributions to the industry, including spearheading initiatives like SWIMA, showcase his commitment to integrity and innovation.”
Rover will participate in a fireside chat at the Next.io Online Gambling and Sports Betting Summit in New York on March 4 to discuss the dangers of the offshore and unregulated market which continues to target consumers in the US who still lack education regarding legitimate operators.
AFFILIATE QUALITY MARK LAUNCHED FOR 6 REGULATED MARKETS
At XY Legal Solutions, founder of the Dutch ‘Keurmerk Verantwoorde Affiliates (KVA)’ (https://kva.nl/), we have decided to launch the Quality Mark Responsible Affiliates (QMRA, https://qmra.eu/) for 6 regulated markets:
Spain, Norway, The United Kingdom, Denmark, Germany and Sweden.
The procedure works as follows: the affiliate applies (per website) through our contact form, after which the QMRA Team will review the website. QMRA has Compliance Codes per market on which the reviews will be based. These QMRA Compliance Codes are a distillation of the law in the named markets that is relevant for affiliates. The yearly fee for QMRA membership per website is set at 695,- Euros (VAT excluded), 595,- when a company offers three or more websites.
The decision to launch this new Quality Mark stems from the tremendous success of KVA. The Dutch situation has demonstrated the need for an affiliate quality mark. No country has a quality mark like KVA. We now aim to change that.
Compliance demands for iGaming are growing in all regulated markets. For affiliates, it is becoming more and more important to show they are able to keep up with compliance standards. A quality mark helps affiliates demonstrate to operators that they are trustworthy. In addition, the QMRA compliance procedures will help the affiliate to understand relevant legislation.
The launching websites are CasinoHawks.Com (Game Lounge) and BetterWorldCasinos.Com (Coherentes).