Privacy is crucial when it comes to personal data. In some ways, iGaming has many parallels with the financial sector and banking, said Internet Vikings CEO Peter Ekmark.
He explained: “There are huge similarities [between the igaming space and financial sector]. In a way, a gaming company is exactly the same as a bank. You open an account, you deposit money, you withdraw money from that account.”
However, while financial institutions are well aware of the implications of Privacy Shield invalidation, iGaming companies are not as informed about the seriousness of this ruling and its impact on the industry.
“To my surprise, we have seen a lot of concern from the financial sector but not so much from the igaming sector,” Ekmark said. “Typically the igaming sector is at the forefront of these [privacy] matters, including regulatory and marketing issues.”
In discussion with Oisin Lunny as part of an iGaming NEXT podcast, Ekmark suggested that the industry is facing a ‘ticking time bomb’ when it comes to information security – highlighting the discord between EU and US regulations.
“Privacy Shield, previously named Safe Harbour, is all about protecting the General Data Protection Regulation (GDPR) framework when it comes to transferring data outside of the EU,” Ekmark continued. “It was set up to protect that relationship with the US in particular. The US has a different framework; instead of GDPR, they operate under the Cloud Act federal law.”
On 16 July 2020, the Court of Justice of the European Union – in a ruling which was later named Schrems II – found that Privacy Shield was not fit for purpose, nor was it lawful.
“The problem that Max Schrems highlighted in a case which was ruled by the Court of Justice in the EU was that it was not adequate. It did not protect that personal data in the way that it should. Hence it was overruled and the Privacy Shield no longer exists.”
For those using cloud services of US-based providers, Ekmark believes that many find themselves ‘stuck between a rock and a hard place’ when it comes to compliance with different regulations, arguing that the EU’s GDPR regulations and the US’ Cloud Act are at odds with one another.
“If you are active in the US, you have to be compliant with the laws such as the Cloud Act. The problem is that if you are a European entity, you need to adhere to GDPR. The Cloud Act and GDPR are not compliant. This means that, if subpoenaed, you may have to give personal data which you cannot do when complying with GDPR regulations. You’re then stuck in a bad place – it’s a political law which is not compliant and needs to be resolved.”
Referencing hosting giants such as Amazon or Microsoft, he noted that US-based companies must remain compliant with US laws, regardless of where the data is hosted. The easiest solution is to find a reliable cloud provider from Europe.
Internet Vikings not only boasts full compliance with GDPR but, as a rubber stamp of its own security credentials, also secured ISO/IEC 27001 certification for its Information Security Management System (ISMS) in March of this year. The certification is recognised as the highest and most reputable operating standard for information technology security and data protection systems.
“While lots of companies – including many igaming operators – have this certification, it [the issue of information security] is still likely to be flagged as being high risk in their next audit. So we must continue to work on this, giving our partners confidence to trust Internet Vikings to handle the hosting.”
“Large operators may not care for your business when the troubles come. We take care of your most valuable data, ensuring premium support to every client irrespective of size or market standing. From small businesses to vast enterprises – we treat every client as special.”