Connect with us

Affiliate Compliance

Preparing For GDPR As An Affiliate

Published

on

Preparing For GDPR As An Affiliate

Data collection has become an essential part of the operations of most organisations, especially those operating online. While it is effective, it has also given rise to a number of concerns surrounding how that data can both be misused, and become the target of theft.

This GDPR is a new legislative agenda that aims to improve the safety of individuals’ data, as well as regulate how that data is collected, processed and used.

As of the 25th of May, businesses of all shapes and sizes, will need to ensure that they are fully compliant with this new legislation if they serve customers (have traffic) originating from the EU – and affiliates are no exception.

The purpose of affiliate sites is to drive traffic to merchants and operators in order to earn a commission. The more savvy of affiliates, will collect data in numerous ways in order to be able to remarket to their users, if not only to understand their users better, improve customer journey, and in turn, conversion rates.

The data collected on those users most likely falls under the realms of GDPR, and with some heavy penalties of up to €20,000,000, or 4% of annual turnover, it isn’t just another ‘inconvenience’ that should be ignored.

How to Ensure Compliance

Understand what Personal Information is

Personal information includes obvious data such as name, email address and phone number. Many affiliates won’t collect this kind of data, unless they at least have a newsletter subscription form on their website. However, it’s likely that all affiliates have some kind of website tracking/analytics software installed on their website.

Under GDPR’s definition of personal data, it includes “any information relating to an identified or identifiable natural person”.

It then continues to explain that “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Note the use of the terms “identification number”, “location data” and “online identifier”. Under GDPR, collection of IP addresses and the storing of cookies could be deemed to be deserving of consent from the individual prior to collection, if that data could be used to identify them. Note also, that it doesn’t necessarily mean personally identifying them – if cookies are being used to create a ‘profile’ on an individual, which is being processed on subsequent visits or across websites, then that is deemed as identifying them.

Obtain Consent

The key to the GDPR’s vision is the role of consent. Consent must be obtained from all individuals prior to collecting data on them that could be used to identify them “directly, or indirectly”, as well as an explanation as to the purpose for processing that data.

Consent must be “clear and distinguishable from other matters” and “provided in an intelligible and easily accessible form”. This means that it can no longer be hidden away in the midst of a website’s T&Cs, and in fact it must be entirely separate and written in clear and plain language.

The request for consent can be included in a Privacy Policy, however, a timestamp of when consent was given, as well as details of what the individual was consenting to (i.e. version of privacy policy), must be recorded for audit purposes. Therefore, an “opt-in” style checkbox or similar must be presented to users before any data collection can commence. Furthermore, pre-ticked boxes or “opt-out” options are no longer permitted, and as a minimum, a link to the full request for consent (privacy policy) must be presented.

All affiliates should review their privacy policies (or create one if they don’t already have one), and ensure it complies with GDPR.  The request for consent must explain what data is being collected, why it’s being collected, how it will be used, and how long it will be kept for.

If affiliates’ privacy policies and “opt-in” practices don’t satisfy the condition of GDPR, then reconfirmation or re-permission must be obtained.

Users should also have the ability to easily opt-out or close their account with immediate effect if they no longer wish to be subscribed or for their data to be used. It must be “as easy to withdraw consent as it is to give it”.

What does this mean for cookies, and website analytics software?

If the cookies set by your analytics software are collecting data that will be used across websites (i.e. for advertising), then you must obtain consent from users before using it. The standard Google Analytics code doesn’t have Advertising Features turned on, and so technically it doesn’t even fall under the ‘Cookie Law’.

Affiliates should limit the features and data they collect to an absolute minimum. E.g. if they don’t need or use demographic reports in Google Analytics, then they should disable Advertising Features. Relying on consent should be avoided at all times where possible.

Provide Access to Data

Individuals will have the right to request a copy of the data held on them under GDPR. Requests must be fulfilled within 1 month, and the data supplied free of charge, in an easily accessible, understandable, and electronic format. They also have the right to correct or amend any information they see as inaccurate.

Affiliates should therefore prepare for the eventuality that one of their users exercises such a request.

Right To Be Forgotten

Individuals will also have the power to request that any information held on them be deleted. This will most certainly include personally identifiable data held in affiliates’ databases and 3rd party tools, but will also include any data which is ‘linked’ to from affiliates’ systems. For example, Google Analytics has a feature allowing the linking of User IDs and tracking cookies. The purpose is to track users across devices, and count them as the same user, rather than 2 or more unique users. Google have announced a tool which allows deletion of any data linked to such User IDs.

Improve Security

Security should be a top priority anyway, even a before GDPR was on the horizon. Nevertheless, affiliates should review their website security and ask themselves what they are doing to prevent a breach, as well as the ways in which data could be stolen/abused in the event of a breach. Historically only passwords were encrypted, however there is now more of a case than ever to encrypt other data too.

Notify Breaches

If an affiliate is unfortunate enough to suffer a breach, they will need to make the appropriate Data Protection Authority (DPA) aware of it. All organisations have 72 hours to report the breach, and organisations acting as data processors will be required to notify their customers (data controllers).

Appoint a Data Protection Officer

A DPO will only be required if your organisation handles a large volume of data, or is involved in monitoring this data on a large scale. In most cases this doesn’t apply to affiliates, however, they will still need to act responsibly, review their internal record keeping, and ensure that consent and data collected is auditable.

Be Paranoid about Privacy

Under the GDPR, failure to implement adequate precautions when it comes to data protection and privacy will result in the most serious penalties they have to offer. And this doesn’t only relate to online privacy.

 

Affiliates should review the existing safeguards they have in place to prevent data getting into the wrong hands, both online and offline i.e. in their home office or work premises.  Staff should be restricted to accessing information that is absolutely critical to their role and thought should be given to what physical data would be at risk in the event of a physical break-in.

 

This article contains general information for affiliates to make their own informed decisions about the upcoming GDPR. You must not rely on the information in this article as an alternative to professional legal advice.  The article has been contributed by Pavlos Sideris of Cashbacker – the leading gambling cashback community.

Affiliate Announcements

Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check

Published

on

Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check

 

Tombola, one of the largest online bingo sites globally, has decided to require affiliates who want to promote the Tombola bingo site in the Netherlands to take a compliance check with a legal consultancy firm. In the first year, this compliance check costs 1125 euros per website. Tombola is the first company in the industry to operate in this way.

Affiliates cannot choose by whom they want to conduct the compliance check. Tombola only accepts the compliance check of the legal consultancy firm XY Legal Solutions BV.

XY Legal has set up the KVA seal of approval as a brand for their compliance check. The KVA seal should not be confused with the KSA, the Dutch Gaming Authority. The KVA has nothing to do with the KSA, and is not accredited by the KSA.

XY Legal charges 1125 euros per website for their commercial KVA quality mark. After the first year, affiliates must pay another 725 euros per year per website to remain compliant.

Jan Westerhoff, Dutch igaming specialist at Nieuwslog.nl explains that this means an extra cost of tens of thousands of euros for affiliate companies with a large number of websites.

Marc Smit, country manager Netherlands at Tombola, indicates that this set-up was chosen because Tombola has no Dutch affiliate compliance employees.

“We do indeed set the KVA seal of approval as a condition for starting an affiliate program at Tombola. We believe that an affiliate partner should be tested,” says Marc Smit.

XY Legal indicates that their compliance check is not quantitative and that not the entire website will be checked. The general terms and conditions clearly state, “This means that not the entire website gets a full check.”.

Mr Steven Vrolijk of XY Legal indicates, “As mentioned, we always emphasize in communication that providers do well to also maintain their own compliance checks.”.

Therefore, it is unclear why Tombola seems to sail blindly on the expensive seal of approval of XY Legal and thus drives affiliates to high costs.

Jan Westerhoff says: “Tombola is the only provider with a Dutch KSA license that imposes this requirement. All other operators on the Dutch market, such as Bet365 and Betcity, do their own compliance check, and those companies do not charge affiliates for this.”.

“As far as is I known, Tombola.nl is unique in the igaming industry with their way of forcing affiliates to buy a seal from a commercial consultancy firm.”.

It seems that Tombola is trying to cut back on their compliance costs by making the affiliate pay for these costs. Marc Smit confirms: “Tombola will not pay for this (the compliance check, ed.).”.

Tombola’s decision created shockwaves in the igaming world. According to Jan Westerhoff this will create an unworkable situation in the affiliate market if other operators follow. “Imagine all the extra costs involved if every operator would require a compliance check from a different consultancy firm. This would mean gigantic bills for affiliate companies, and the only winners would be the money-grabbing consultants who want to make a quick buck.”.

The KVA seal of approval is not entirely uncontroversial. Several affiliates who have the seal are mentioned as customers on the website of XY Legal Solutions. Entanglement of interests seems to be lurking. The legal consultancy firm does indicate that every affiliate website must meet the same requirements. The question is how they guarantee this.

Continue Reading

Affiliate Compliance

Rightlander.com unites with The Pools

Published

on

Rightlander.com unites with The Pools

 

Leading sportsbook & casino operator to improve affiliate compliance with suite of innovative tools

Compliance specialist, Rightlander.com has put pen to paper on a deal that will see it provide online sportsbook and casino operator The Pools with its innovative technologies.

The Pools will now use Rightlander’s advanced solutions to take its compliance procedures to the next level. The technology which encompasses a comprehensive range of affiliate compliance tools will scan the sportsbook and casino affiliate websites, monitoring all activity which mentions or links to their brands for compliance related breaches, whilst also searching for certain events and conditions defined by the operator.

This puts the power in the operator’s hands, allowing it to ensure that all affiliates sending traffic to its sites are doing so in a compliant and responsible manner.

Nicole Mitton, Head of Customer Success at Rightlander.com, said: “Rightlander has had the privilege of working with The Pools since the recent launch of their affiliate programme and it’s extremely encouraging to see affiliate advertising monitoring being implemented right from the start. We look forward to working helping them improve their affiliate compliance initiatives”

Andrea Foley, Marketing Manager at The Pools, said: “We have been growing digitally, inventing new games for new audiences, while remaining faithful to our heritage.”

“As a responsible operator it is important to us that any affiliates promoting our products are fully compliant and meet industry guidelines. Working with Rightlander ensures that all activity linked to our brand is monitored and any breaches are quickly brought to our attention.”

Rightlander offers compliance checks across 35 territories including the United Kingdom helping top operators and affiliates stay compliant across multiple regulated jurisdictions.

Continue Reading

Affiliate Compliance

BuzzBingo.com teams up with Rightlander to boost affiliate compliance measures

Published

on

Rightlander partners with BetBull

 

Tier one operator becomes the latest to leverage Rightlander’s innovative compliance platform

Buzz Bingo has become the latest tier one operator to partner with leading compliance experts, Rightlander.com, to boost their responsible gambling capabilities.

The Rightlander compliance platform consists of several affiliate compliance tools that are tailored to cover market specific legislation and advertising standards.  These include the Automated Compliance Monitor, PPC Monitor and Affiliate Mapping Tools all of which assist operators manage and monitor their affiliate traffic on-demand.

The Automated Compliance Monitor detects non-compliant content across multiple territories and flags violations such as missing terms and conditions, outdated offers, and incorrect marketing assets. This helps ensure that affiliates are aligned with the brand and marketing message, further strengthening Buzz Bingo’s compliance strategy.

The PPC Monitor identifies harmful ads to stop them from appearing on an operator’s branded keywords while the Affiliate Mapping Tool helps operators map previously undeclared affiliate sites to known affiliates.

Commenting on the partnership, Nicole Mitton, Head of Customer Success at Rightlander.com, said:  “Operators understand the importance of ensuring that affiliates sending traffic to their sites are acting responsibly, but monitoring and managing all of this can be daunting.”

“The Rightlander platform takes the hassle out of ensuring affiliate compliance, and we are delighted to be working with Buzz Bingo to help them improve their processes and better manage their affiliate partners.”

David Abrams, Senior Online Media Manager at Buzz Bingo, said: “Responsible gambling measures are one of the highest priorities to us as an operator and partnering with Rightlander means we can ensure we’re running an even more robust and compliant affiliate strategy. Working with multiple affiliates, we need to ensure they are completely aligned with our responsible gambling positioning at all times, and this requires careful monitoring of all traffic coming our way. The Rightlander platform does exactly that so we’re very happy to be working with them”.

Continue Reading
Advertisement

Latest News

Global brand 24kCasino removes admin fees for affiliates Global brand 24kCasino removes admin fees for affiliates
Affiliate Announcements1 week ago

Global brand 24kCasino removes admin fees for affiliates

  24KCasino is proud to be an independently run casino 24K Casino has recently stepped away from the white label...

Frapapa Launch New Affiliate Program with Income Access Frapapa Launch New Affiliate Program with Income Access
Affiliate Announcements1 month ago

Frapapa Launch New Affiliate Program with Income Access

  Income Access is thrilled to announce their partnership with Frapapa, in addition to the launch of their new affiliate...

OUTLAST DFS Launch New Affiliate Program with Income Access OUTLAST DFS Launch New Affiliate Program with Income Access
Affiliate Program News1 month ago

OUTLAST DFS Launch New Affiliate Program with Income Access

  Income Access is thrilled to announce their partnership with OUTLAST DFS, an exciting Daily Fantasy Sports App that has...

News1 month ago

Casinos Without Registration are the Most Popular in Finland

  A popular way of playing online casino games in Finland is at a casino without registration. No registration casinos...

Festive season at King Billy Casino starts with a A$140.412 win! Festive season at King Billy Casino starts with a A$140.412 win!
News1 month ago

Festive season at King Billy Casino starts with a A$140.412 win!

  The festive season at King Billy Casino has started with a bang and a win! Only one week into...

Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check
Affiliate Announcements2 months ago

Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check

  Tombola, one of the largest online bingo sites globally, has decided to require affiliates who want to promote the...

Lottery.com Announces Hiring of Greg Potts as Global VP of Affiliate Success Lottery.com Announces Hiring of Greg Potts as Global VP of Affiliate Success
Affiliate Announcements2 months ago

Lottery.com Announces Hiring of Greg Potts as Global VP of Affiliate Success

  Lottery.com Inc., a leading technology company that is transforming how, where and when the lottery is played,  announced that...

News2 months ago

How Scalable Blockchains Can Change the iGaming Affiliate Industry for the Better

  Recently, iGaming pioneer Calvin Ayre called on the online gambling industry to go all-in on BSV blockchain. This blockchain...

Gambling.com Group is the 2021 EGR Affiliate of the Year Gambling.com Group is the 2021 EGR Affiliate of the Year
Affiliate Success2 months ago

Gambling.com Group is the 2021 EGR Affiliate of the Year

  Gambling.com Group Limited, a leading provider of player acquisition services for the regulated global online gambling industry, announced it...

PartnerMatrix and SlotsCalendar sign partnership to raise security awareness PartnerMatrix and SlotsCalendar sign partnership to raise security awareness
Affiliate Announcements2 months ago

PartnerMatrix and SlotsCalendar sign partnership to raise security awareness

  Affiliate marketing software provider, PartnerMatrix, and SlotsCalendar, the IMDb of online slots, have just signed a partnership, raising awareness...

Trending

European Gaming Media and Events is a leading media and boutique event organizer in the European Union with a monthly reach of +110,000 readers. The official company (PROSHIRT SRL), has been listed for 4 years in a row among the top 3 Advertising and market research agencies in the local Top Business Romania Microcompanies based on the Financial Reports.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2022 European Gaming Media and Events. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania