Sky Betting and Gaming’s practices have come under scrutiny, resulting in a regulatory reprimand from the UK Information Commissioner’s Office.
Between January 10 and March 3, 2023, the company processed users’ personal data via advertising cookies without their consent—a violation of data protection laws. This happened the moment users visited the Sky Bet website, before they could choose to accept or reject advertising cookies.
The breach of trust left users vulnerable, as their data was shared with advertising technology companies without their knowledge. While the UK regulator did not find evidence of deliberate targeting of vulnerable individuals, the company’s actions were deemed far from transparent or fair.
Investigation into Sky Betting and Gaming’s Illicit Activities
The investigation began following a complaint from Clean Up Gambling, a watchdog for responsible gaming. The concern? Whether Sky Betting and Gaming intentionally misused personal data to target vulnerable gamblers with tailored ads. Although no proof of deliberate exploitation surfaced, the company’s disregard for consent raised red flags for regulators.
By March 2023, Sky Betting and Gaming took corrective measures. Users now have the option to reject advertising cookies before their personal data is shared for targeted ads. This change came after the regulator concluded that the company’s previous practices did not align with lawful, transparent, or fair data processing standards.
A Broader Crackdown
The UK reprimand against Sky Betting and Gaming isn’t an isolated event. The regulator’s enforcement action is part of a broader initiative to clean up cookie practices across UK websites. In 2023, the regulator reviewed the top 100 most frequented UK websites, and the findings were alarming. More than half were non-compliant with data protection laws concerning cookie consent.
Of the 53 websites found in violation, 52 have since made changes. Only the gossip site Tattle Life remains noncompliant and is now under investigation. This broad campaign signals the regulator’s commitment to holding businesses accountable for cookie misuse.
Stephen Bonner’s Warning
Stephen Bonner, Deputy Commissioner at the UK Information Commissioner’s Office, shared his thoughts on the seriousness of the matter. He pointed to the intrusive nature of advertising cookies, emphasizing that individuals often see ads targeting them based on their digital behavior, such as browsing for health concerns or visiting gambling sites.
Bonner praised the websites that have already made changes, noting that 99 of the top 100 websites either now provide meaningful cookie consent options or are in the process of doing so. He noted key improvements, like the introduction of a “reject all” button and making the options for accepting or rejecting cookies equally prominent.
“Our enforcement action against Sky Betting and Gaming is a warning that there will be consequences if organisations breach the law, and people are denied the choice over targeted advertising.” Bonner said.
Cookie Compliance: A Global Issue
The Sky Bet case is part of a wider global movement to protect users from predatory data collection practices. In the digital age, cookies are a common tool that websites use to track users, often for advertising purposes. While cookies themselves are not inherently harmful, their misuse—especially without explicit consent—poses privacy risks.
Advertisers use these cookies to build profiles of individuals, allowing them to deliver personalized ads. However, the process is opaque, and most users remain unaware of how much data they are giving up, and to whom. That’s why laws like the General Data Protection Regulation (GDPR) and the UK Data Protection Act exist: to ensure transparency and give users control over their personal data.
A Clear Path Forward
To stay compliant, companies must follow a few key principles: consent must be informed, explicit, and freely given. Websites should not place cookies before a user agrees, and rejecting cookies should be as easy as accepting them. The regulator has also warned against using manipulative tactics, like making the “reject all” option harder to find or hiding it behind multiple clicks.
Sky Betting and Gaming’s case serves as a warning for others in the industry. The UK regulator has already shifted its focus to the next 100 most-visited websites, putting all organizations on notice. “We are preparing to scrutinise the next 100 most frequented websites, so I urge all organisations to assess their cookie banners now,” Bonner said.
Upcoming UK Guidance
Later this year, the regulator plans to publish updated guidance on cookies and similar tracking technologies. The update will also address the controversial “consent or pay” business model, which requires users to either consent to data collection or pay a fee to use the service without tracking. This model is currently under review.
As the digital landscape evolves, so too will regulations around privacy and data protection. Companies that fail to keep pace may find themselves facing enforcement action, much like Sky Betting and Gaming. The stakes are high, and the need for lawful, transparent practices has never been greater.
The Road Ahead
Organizations that rely on advertising cookies should take immediate action to ensure compliance. This means conducting audits of cookie practices, updating privacy policies, and redesigning cookie banners to make consent mechanisms clear and easy to use. Those who don’t comply risk not just fines but a loss of consumer trust—something far harder to regain.
The warning and latest developments come on the heels of Google taking a similar route of scrapping its plan to phase out third-party cookies in Chrome, opting instead to give users control over whether to keep or reject them. This U-turn, after years of delays, is seen as a win for advertisers but a setback for privacy advocates.
Critics say the move helps Google maintain its advertising stronghold under the guise of consumer choice. According to Google, users will have the option to adjust their cookie preferences across web browsing at any time.
In today’s privacy-first world, the message is clear: obtaining consent is no longer optional.
