UKGC Data Policy Obscures Harm Talks
FOI reveals regulator's three-year email retention policy may have deleted key correspondence with the ICO on consumer protection.
A Freedom of Information request has revealed the UK Gambling Commission's three-year email retention policy may have led to the permanent deletion of correspondence with the ICO concerning gambling harm and the Single Customer View, limiting transparency on key consumer protection projects.
Article Content
UKGC Data Retention Policy Limits Transparency on Key Projects
A Freedom of Information (FOI) response has revealed that the UK Gambling Commission (UKGC) may have permanently deleted email correspondence with the Information Commissioner's Office (ICO) relating to gambling harm and the Single Customer View (SCV) project.
The disclosure, dated 1 June 2024, shows that the regulator's data retention policy only requires emails to be kept for three years, potentially limiting public scrutiny of the development of crucial consumer protection initiatives.
Context: Why This Correspondence Matters
The Single Customer View is a key part of the UK's strategy to reduce gambling harm. It aims to create a system where operators can share data on at-risk customers to prevent them from incurring significant losses across multiple gambling websites. The development of such a system involves complex data protection considerations, making the dialogue between the UKGC (the gambling regulator) and the ICO (the data protection regulator) fundamentally important.
Understanding how these two bodies navigated issues of privacy, data sharing, and consumer protection is vital for assessing the effectiveness and lawfulness of the final SCV solution. The deletion of these early discussions hinders the ability of consumers and researchers to fully scrutinise the project's origins.
Details of the FOI Response
The request sought all correspondence between the UKGC and the ICO from 1 January 2020 to the present day, specifically mentioning "Gambling harm," "DSAR" (Data Subject Access Request), and "Single Customer View (SCV)."
In its response, the Gambling Commission confirmed it had processed the request but issued a partial exemption. The key findings from its response are:
- Three-Year Retention Policy: The UKGC stated, "in line with the Commission retention policy, email correspondence is only available for a period of three years, unless the email is saved elsewhere."
- Confirmed Data Deletion: The Commission admitted, "As such some information which may have been within the scope of your request will have already been deleted from our systems."
- Partial Release: The UKGC provided some information in a heavily redacted 15.9 MB PDF file. Personal information was redacted under section 40(2) of the FOI Act to protect individuals' privacy. Draft documents were also withheld.
The Commission directed the requester to publicly available documents, including final reports from the ICO's Regulatory Sandbox project, which explored the data protection implications of the SCV. These reports represent the formal outcome of the collaboration.
Significance: What This Means for Consumers
While the UKGC has published the final outcomes of its work with the ICO, the FOI response reveals that the underlying communications and developmental stages may not be fully available for public review. The three-year email retention policy means that discussions from early 2020 to mid-2021 regarding these critical consumer protection topics are likely gone.
For consumers and transparency advocates, this raises questions about the long-term accountability of the regulator. The deleted emails would have provided insight into the initial challenges, debates, and potential disagreements that shaped the policies designed to protect vulnerable gamblers. Without a complete record, a full understanding of how these significant data-sharing initiatives were formed is now more difficult to achieve.