Connect with us

Affiliate Compliance

Preparing For GDPR As An Affiliate

Published

on

Preparing For GDPR As An Affiliate

Data collection has become an essential part of the operations of most organisations, especially those operating online. While it is effective, it has also given rise to a number of concerns surrounding how that data can both be misused, and become the target of theft.

This GDPR is a new legislative agenda that aims to improve the safety of individuals’ data, as well as regulate how that data is collected, processed and used.

As of the 25th of May, businesses of all shapes and sizes, will need to ensure that they are fully compliant with this new legislation if they serve customers (have traffic) originating from the EU – and affiliates are no exception.

The purpose of affiliate sites is to drive traffic to merchants and operators in order to earn a commission. The more savvy of affiliates, will collect data in numerous ways in order to be able to remarket to their users, if not only to understand their users better, improve customer journey, and in turn, conversion rates.

The data collected on those users most likely falls under the realms of GDPR, and with some heavy penalties of up to €20,000,000, or 4% of annual turnover, it isn’t just another ‘inconvenience’ that should be ignored.

How to Ensure Compliance

Understand what Personal Information is

Personal information includes obvious data such as name, email address and phone number. Many affiliates won’t collect this kind of data, unless they at least have a newsletter subscription form on their website. However, it’s likely that all affiliates have some kind of website tracking/analytics software installed on their website.

Under GDPR’s definition of personal data, it includes “any information relating to an identified or identifiable natural person”.

It then continues to explain that “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Note the use of the terms “identification number”, “location data” and “online identifier”. Under GDPR, collection of IP addresses and the storing of cookies could be deemed to be deserving of consent from the individual prior to collection, if that data could be used to identify them. Note also, that it doesn’t necessarily mean personally identifying them – if cookies are being used to create a ‘profile’ on an individual, which is being processed on subsequent visits or across websites, then that is deemed as identifying them.

Obtain Consent

The key to the GDPR’s vision is the role of consent. Consent must be obtained from all individuals prior to collecting data on them that could be used to identify them “directly, or indirectly”, as well as an explanation as to the purpose for processing that data.

Consent must be “clear and distinguishable from other matters” and “provided in an intelligible and easily accessible form”. This means that it can no longer be hidden away in the midst of a website’s T&Cs, and in fact it must be entirely separate and written in clear and plain language.

The request for consent can be included in a Privacy Policy, however, a timestamp of when consent was given, as well as details of what the individual was consenting to (i.e. version of privacy policy), must be recorded for audit purposes. Therefore, an “opt-in” style checkbox or similar must be presented to users before any data collection can commence. Furthermore, pre-ticked boxes or “opt-out” options are no longer permitted, and as a minimum, a link to the full request for consent (privacy policy) must be presented.

All affiliates should review their privacy policies (or create one if they don’t already have one), and ensure it complies with GDPR.  The request for consent must explain what data is being collected, why it’s being collected, how it will be used, and how long it will be kept for.

If affiliates’ privacy policies and “opt-in” practices don’t satisfy the condition of GDPR, then reconfirmation or re-permission must be obtained.

Users should also have the ability to easily opt-out or close their account with immediate effect if they no longer wish to be subscribed or for their data to be used. It must be “as easy to withdraw consent as it is to give it”.

What does this mean for cookies, and website analytics software?

If the cookies set by your analytics software are collecting data that will be used across websites (i.e. for advertising), then you must obtain consent from users before using it. The standard Google Analytics code doesn’t have Advertising Features turned on, and so technically it doesn’t even fall under the ‘Cookie Law’.

Affiliates should limit the features and data they collect to an absolute minimum. E.g. if they don’t need or use demographic reports in Google Analytics, then they should disable Advertising Features. Relying on consent should be avoided at all times where possible.

Provide Access to Data

Individuals will have the right to request a copy of the data held on them under GDPR. Requests must be fulfilled within 1 month, and the data supplied free of charge, in an easily accessible, understandable, and electronic format. They also have the right to correct or amend any information they see as inaccurate.

Affiliates should therefore prepare for the eventuality that one of their users exercises such a request.

Right To Be Forgotten

Individuals will also have the power to request that any information held on them be deleted. This will most certainly include personally identifiable data held in affiliates’ databases and 3rd party tools, but will also include any data which is ‘linked’ to from affiliates’ systems. For example, Google Analytics has a feature allowing the linking of User IDs and tracking cookies. The purpose is to track users across devices, and count them as the same user, rather than 2 or more unique users. Google have announced a tool which allows deletion of any data linked to such User IDs.

Improve Security

Security should be a top priority anyway, even a before GDPR was on the horizon. Nevertheless, affiliates should review their website security and ask themselves what they are doing to prevent a breach, as well as the ways in which data could be stolen/abused in the event of a breach. Historically only passwords were encrypted, however there is now more of a case than ever to encrypt other data too.

Notify Breaches

If an affiliate is unfortunate enough to suffer a breach, they will need to make the appropriate Data Protection Authority (DPA) aware of it. All organisations have 72 hours to report the breach, and organisations acting as data processors will be required to notify their customers (data controllers).

Appoint a Data Protection Officer

A DPO will only be required if your organisation handles a large volume of data, or is involved in monitoring this data on a large scale. In most cases this doesn’t apply to affiliates, however, they will still need to act responsibly, review their internal record keeping, and ensure that consent and data collected is auditable.

Be Paranoid about Privacy

Under the GDPR, failure to implement adequate precautions when it comes to data protection and privacy will result in the most serious penalties they have to offer. And this doesn’t only relate to online privacy.

 

Affiliates should review the existing safeguards they have in place to prevent data getting into the wrong hands, both online and offline i.e. in their home office or work premises.  Staff should be restricted to accessing information that is absolutely critical to their role and thought should be given to what physical data would be at risk in the event of a physical break-in.

 

This article contains general information for affiliates to make their own informed decisions about the upcoming GDPR. You must not rely on the information in this article as an alternative to professional legal advice.  The article has been contributed by Pavlos Sideris of Cashbacker – the leading gambling cashback community.

Affiliate Compliance

Largest Dutch poker affiliate complies with regulatory changes post introduction of new Dutch gambling law

Published

on

Largest Dutch poker affiliate complies with regulatory changes post introduction of new Dutch gambling law

 

PokerKamers.nl, one of the Netherlands’ first and largest poker affiliate sites, introduced a new policy that fully complies with the regulatory changes that came in effect after the Dutch Gambling Authority (Kansspelautoriteit/ KSA) introduced its set of rules for operators to offer legal poker in the Netherlands.

As of October 2021, PokerKamers.nl, a Dutch spoken website existing since 2006, launched its new website. The founders introduced a policy to comply with new regulations, after the new Dutch gambling law took effect on October 1st of 2021.

“Being fully compliant meant saying farewell to online poker sites that did not receive a license to legally operate in the Netherlands; this includes renowned sites like partypoker and bwin, as parent company Entain’s initial application got rejected,” said PokerKamers.nl founder Joris Koningsberg.

Entain plc, one of the world’s largest gambling/ gaming, poker, and betting operators, did not receive a license to offer their brands in the Netherlands, including their online poker sites, because they continued to accept Dutch customers after the market closed due to the Dutch Remote Gambling Act (Kansspel op Afstand/ KOA) on April 1st of 2021.

“It was an easy decision, because the only other option was working with illegal poker sites. And besides, one of our favorite partners (ed: Hillside plc’s bet365) did receive their license,” said Joris Koningsberg.

Meanwhile, all Entain brands now comply to the Dutch Gambling Authority’s cooling off period and the company is expected to obtain a license in the first half of 2022.

With the decision to be fully compliant to Dutch law and regulations, PokerKamers.nl also improved the overall quality of its website. A new look and feel, a comprehensive audit of all existing pages and many new, were completed before the launch of their new website.

“And there is more,” said PokerKamers.nl co-owner Oscar Oosterling, “We have added a poker course, several tools including a tournament filter and the M-Calculator, and poker cheat sheets. And our to-do list is only getting bigger.”

PokerKamers.nl is a website to keep on your radar the next few months. New gambling licenses will be issued, and this website will only list the very best of them. You can expect continuous updates and new features that improve the overall quality and user experience. And with PokerKamers.nl being a compliant poker affiliate, you can rest assured that you’re not going to be misled into signing up with shady – or illegal poker sites.

Continue Reading

Affiliate Compliance

GiG adds Matching Visions to its growing list of partners for GiG Comply

Published

on

GiG adds Matching Visions to its growing list of partners for GiG Comply

 

Gaming Innovation Group Inc. (GiG) has signed an agreement with Malta-based ​​affiliate network, Matching Visions, recently acquired by Acroud AB, for the provision of its B2B marketing compliance software, GiG Comply.

GiG’s automated marketing compliance solution allows operators and affiliate networks like Matching Visions to scan web pages for content, links and iGaming code red words. The rules engine based software analyses snapshots from advertising campaigns and provides insights in real-time of the content, which is being used by affiliates to promote operators brands.

As more markets regulate, the excelled need for brands to have a strong digital presence has resulted in heightened advertising regulations. It’s now more important than ever that operators and affiliate networks alike invest in marketing compliance software.

GiG Comply will support Matching Visions with its compliance strategy, helping to ensure that responsible gaming measures are visible on relevant pages, and terms and conditions are correct and up to date throughout all markets, it operates in.

Jonas Warrer, CMO at GiG, said:  We look forward to supporting Matching Visions in its efforts to enhance its affiliate marketing compliance. The excelled demand for GiG Comply is a clear sign that more and more affiliates like Matching Visions are placing strong value on creating a more responsible and sustainable gaming movement – this makes us very proud.

Dennis Dyhr-Hansen, CEO at Matching Visions, said: It’s extremely important for us to ensure we remain 100% compliant no matter which geo or brand we are sending traffic to. We want to be completely transparent to all brands that work with us that we take compliance very seriously and will do what it takes to be at the forefront of compliance. We are proud to partner up with GiG Comply to make this happen!

Continue Reading

Affiliate Announcements

Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check

Published

on

Tombola shocks affiliate world: Dutch affiliates forced to pay 1125 for compliance check

 

Tombola, one of the largest online bingo sites globally, has decided to require affiliates who want to promote the Tombola bingo site in the Netherlands to take a compliance check with a legal consultancy firm. In the first year, this compliance check costs 1125 euros per website. Tombola is the first company in the industry to operate in this way.

Affiliates cannot choose by whom they want to conduct the compliance check. Tombola only accepts the compliance check of the legal consultancy firm XY Legal Solutions BV.

XY Legal has set up the KVA seal of approval as a brand for their compliance check. The KVA seal should not be confused with the KSA, the Dutch Gaming Authority. The KVA has nothing to do with the KSA, and is not accredited by the KSA.

XY Legal charges 1125 euros per website for their commercial KVA quality mark. After the first year, affiliates must pay another 725 euros per year per website to remain compliant.

Jan Westerhoff, Dutch igaming specialist at Nieuwslog.nl explains that this means an extra cost of tens of thousands of euros for affiliate companies with a large number of websites.

Marc Smit, country manager Netherlands at Tombola, indicates that this set-up was chosen because Tombola has no Dutch affiliate compliance employees.

“We do indeed set the KVA seal of approval as a condition for starting an affiliate program at Tombola. We believe that an affiliate partner should be tested,” says Marc Smit.

XY Legal indicates that their compliance check is not quantitative and that not the entire website will be checked. The general terms and conditions clearly state, “This means that not the entire website gets a full check.”.

Mr Steven Vrolijk of XY Legal indicates, “As mentioned, we always emphasize in communication that providers do well to also maintain their own compliance checks.”.

Therefore, it is unclear why Tombola seems to sail blindly on the expensive seal of approval of XY Legal and thus drives affiliates to high costs.

Jan Westerhoff says: “Tombola is the only provider with a Dutch KSA license that imposes this requirement. All other operators on the Dutch market, such as Bet365 and Betcity, do their own compliance check, and those companies do not charge affiliates for this.”.

“As far as is I known, Tombola.nl is unique in the igaming industry with their way of forcing affiliates to buy a seal from a commercial consultancy firm.”.

It seems that Tombola is trying to cut back on their compliance costs by making the affiliate pay for these costs. Marc Smit confirms: “Tombola will not pay for this (the compliance check, ed.).”.

Tombola’s decision created shockwaves in the igaming world. According to Jan Westerhoff this will create an unworkable situation in the affiliate market if other operators follow. “Imagine all the extra costs involved if every operator would require a compliance check from a different consultancy firm. This would mean gigantic bills for affiliate companies, and the only winners would be the money-grabbing consultants who want to make a quick buck.”.

The KVA seal of approval is not entirely uncontroversial. Several affiliates who have the seal are mentioned as customers on the website of XY Legal Solutions. Entanglement of interests seems to be lurking. The legal consultancy firm does indicate that every affiliate website must meet the same requirements. The question is how they guarantee this.

Continue Reading
Advertisement

Latest News

The 5th AskGamblers Awards Winners Are Here! The 5th AskGamblers Awards Winners Are Here!
News1 week ago

The 5th AskGamblers Awards Winners Are Here!

  After several months of anticipation, on a magical night on 16 June we finally revealed the names of winners...

MiFinity launches the most competitive affiliate programme in the industry MiFinity launches the most competitive affiliate programme in the industry
Affiliate Program News2 weeks ago

MiFinity launches the most competitive affiliate programme in the industry

  MiFinity Affiliates affirms the company’s commitment to growth with the highest revenue commission in the industry, adding more value...

VegasSlots.net Undergoing Revamp and Content Update VegasSlots.net Undergoing Revamp and Content Update
News3 weeks ago

VegasSlots.net Undergoing Revamp and Content Update

  In the ever-changing world of online casinos, keeping the gaming suite up to date is essential. VegasSlots.net, a well-known...

Casino Guru Complaints Resolution Center Breaks Another Record: Almost $1 Million Returned to Players in May 2022 Casino Guru Complaints Resolution Center Breaks Another Record: Almost $1 Million Returned to Players in May 2022
News3 weeks ago

Casino Guru Complaints Resolution Center Breaks Another Record: Almost $1 Million Returned to Players in May 2022

  May has become a new record month for Casino Guru whose Complaints team has seen $915,000 returned to unfairly...

After succesful Dutch Affiliate Quality Mark, UK Focused Quality Mark is being launched After succesful Dutch Affiliate Quality Mark, UK Focused Quality Mark is being launched
News3 weeks ago

After succesful Dutch Affiliate Quality Mark, UK Focused Quality Mark is being launched

  On September 8, 2021, XY Legal Solutions successfully launched the ‘Keurmerk Verantwoorde Affiliates’ (KVA), a quality mark for Dutch...

News4 weeks ago

Most Reputable Online Casinos in Ohio

  Ohio’s state government is yet to legalize online casinos, card games, and sportsbooks. Governor Mike DeWine signed the corresponding...

Betsson Group Affiliates to sponsor AffPapa iGaming Awards Betsson Group Affiliates to sponsor AffPapa iGaming Awards
Awards1 month ago

Betsson Group Affiliates to sponsor AffPapa iGaming Awards

  Betsson Group Affiliates has made it to the list of the AffPapa iGaming Awards as a Silver Sponsor. The...

News1 month ago

How important are partnerships in iGaming?

  Many industries have been driven by rivalries as every company is striving for the best – but it’s not...

News2 months ago

Current Situation on US Gambling Law

  According to the American Gaming Association, the United States gambling industry is worth some $240 billion. That’s more than...

Royal Partners as Platinum Sponsor of AffPapa iGaming Awards Royal Partners as Platinum Sponsor of AffPapa iGaming Awards
Awards2 months ago

Royal Partners as Platinum Sponsor of AffPapa iGaming Awards

  Royal Partners will join AffPapa iGaming Awards 2022 as the Platinum Sponsor of the event, honoring affiliates and operators....

Trending

European Gaming Media and Events is a leading media and boutique event organizer in the European Union with a monthly reach of +110,000 readers. The official company (PROSHIRT SRL), has been listed for 4 years in a row among the top 3 Advertising and market research agencies in the local Top Business Romania Microcompanies based on the Financial Reports.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2022 European Gaming Media and Events. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania