UKGC Withholds Account Security Data
Regulator cites cost and complexity in refusal to release statistics on unauthorised gambling account openings.
The UK Gambling Commission has refused to release statistics on unauthorised account openings and ID verification failures, citing excessive cost and complexity. The decision leaves consumers in the dark about the scale of key account security risks in the gambling industry.
Article Content
The UK Gambling Commission (UKGC) has declined to release statistics on the prevalence of unauthorised account openings and failures in identity verification across the gambling industry, according to a Freedom of Information (FOI) response published on 20 July 2024.
The regulator stated that while it holds information on these critical consumer protection issues, it is not stored in an easily accessible format. Fulfilling the request would exceed the cost and time limits permitted under the Freedom of Information Act.
The Request and The Refusal
A request was made to the UKGC for three specific pieces of information:
- Statistics on unauthorised account openings.
- Data on the systematic bypassing of ID verification processes.
- Any audit reports concerning the operator Bet365 Group's account opening and verification procedures.
In its response, the Commission confirmed it holds information relating to the first two points but refused to provide it, invoking Section 12 of the FOIA. This exemption allows public bodies to deny requests where the cost of retrieving the information would exceed £450, or 18 hours of staff time.
The UKGC explained that the relevant data is not centrally located and would require reviewing "large volumes of information, stored across several areas of the Commission" to extract.
Why This Matters for Consumers
Robust identity verification is a cornerstone of UK gambling regulation. It is designed to prevent underage gambling, combat fraud, and support responsible gambling measures like self-exclusion. An unauthorised account could be created in someone's name without their knowledge for fraudulent purposes, or by a self-excluded individual seeking to bypass their exclusion.
The Commission's inability to readily produce statistics on these matters raises questions about its capacity to monitor the scale of such issues across the industry. Without clear data, it is difficult for consumers, researchers, and policymakers to gauge how effectively operators are protecting players from identity-related risks.
Further Exemptions Cited
The UKGC's response also noted that even if the request were refined to be less costly, other exemptions might prevent disclosure. It specifically mentioned Section 31 (Law Enforcement), stating that releasing certain information could "seriously impact the Commission’s regulatory activities" by revealing its assessment methods and techniques.
This suggests that some of the requested data is considered highly sensitive and integral to the UKGC's enforcement strategies. However, the blanket refusal means the public remains without a clear picture of the prevalence of account security failures.
The Commission did not specifically address the part of the request concerning Bet365, instead issuing a general refusal for the entire query. The regulator invited the requester to submit a more refined, narrower request, which would be treated as a new case.