UKGC: No Policy on Redacted IDs for Online Bets
FOI reveals regulator has not specified rules for online operators, leaving customers and firms in a grey area.
A Freedom of Information request has revealed the UK Gambling Commission has no specific policy on customers submitting redacted ID documents to online gambling sites. While this offers potential data privacy benefits for consumers, it also means operators can set their own rules, leading to potential inconsistencies.
Article Content
A Freedom of Information (FOI) response from the UK Gambling Commission (UKGC) has confirmed that the regulator has no specific policy preventing online gambling customers from redacting sensitive, non-essential information from their verification documents.
The disclosure, dated 26 February 2025, clarifies a long-standing grey area for consumers concerned about data privacy when completing Know Your Customer (KYC) checks.
What the FOI Reveals
The request asked the UKGC whether licensed operators must accept only fully unredacted documents and if there was any formal policy requiring the rejection of partially redacted IDs. The Commission's response for online gambling was direct.
"For identity verification by remote (online gambling) operators, we have not specified any policy or any expectations in respect of redacted documents," the UKGC stated.
This confirms that, from the regulator's perspective, there is no explicit rule that forces online gambling companies to reject a document simply because a customer has blacked out information not relevant to the verification itself—such as a driver's licence number or individual bank transactions on a statement.
The UKGC pointed to its existing rules, primarily Licence Condition 17, which mandates that operators must verify a customer's name, address, and date of birth. However, these rules focus on the outcome of the verification, not the specific state of the documents used to achieve it.
Why This Matters for Consumers
Many customers are required to submit personal documents like driving licences, passports, or bank statements to verify their identity and source of funds. These documents often contain sensitive data beyond what is needed for basic verification.
This FOI response empowers consumers by confirming that the regulator has not forbidden the practice of redacting non-essential details. Customers concerned about sharing superfluous personal data can now be aware that no overarching UKGC rule prevents an operator from accepting a securely redacted document, provided all necessary details (name, address, date of birth) remain clearly visible.
A Lack of Clarity Remains
While the UKGC does not prohibit operators from accepting redacted documents, it also does not compel them to do so. The Commission's response creates a situation where individual operators are left to set their own internal policies. An operator could still, based on its own risk assessment or internal procedures, demand fully unredacted documents.
This can lead to inconsistencies across the industry, where one operator may accept a redacted bank statement for proof of address, while another rejects it. The UKGC did not confirm whether it had ever taken regulatory action against an operator for accepting redacted documents, noting only the absence of a specific policy on the matter.
For land-based venues like casinos and betting shops, the rules are slightly more defined, stating that identification must be legible and show "no visible signs of tampering or reproduction." However, even this does not explicitly mention redaction, focusing instead on the authenticity and validity of the document for age and identity checks.