Submission Type

Presentation

Submission Title

Self-exclusion mechanism and GDPR principles

Session Title

Session 2-2-C: Consumer Protection

Location

Caesars Palace, Las Vegas, Nevada

Start Date

29-5-2019 11:00 AM

End Date

29-5-2019 12:25 PM

Disciplines

Gaming Law | Internet Law | Privacy Law | Science and Technology Law

Abstract

The core of the research is about the interaction between one of the most common measures of responsible gambling, self-exclusion mechanism, and principles of General Data Protection Regulation (GDPR). The principles enshrined by GDPR reflect the contemporary legislative state in the European Data Protection Law with tendencies to become international standards for personal data protection. Thus, the research tends to present how the application of GDPR principles affects the functioning of different types of self-exclusion mechanism.

Self-exclusion mechanisms might be organized in several different ways. Regulatory arrangements on self-exclusion mechanisms may vary from self-regulation to regulations at the international and supranational level. Regulations may limit data processing mechanisms in a manner that affects the accessibility and availability of self-exclusion databases. Thus, for the purposes of this research, the presentation of several different organizations which offer self-exclusion mechanisms are distinguished according to two dimensions – horizontal and vertical. Even though these dimensions are intertwined, the horizontal dimension concerns the connectivity between self-exclusion databases, whereas the vertical aspect concerns the existence of (or lack of) regulations aimed at organizing self-exclusion mechanisms. Taking into consideration both dimensions and their practical variations, a self-exclusion mechanism could be understood as being constructed in the following ways:

  1. Horizontally disconnected; vertically unregulated
  2. Horizontally connected; vertically unregulated
  3. Horizontally connected; vertically regulated
  4. Horizontally disconnected, vertically regulated

The research demonstrates the relation between the implementation of general principles of GDPR on the one part, and the effectiveness of a self-exclusion mechanism on the other. The research presents how the application of GDPR principles affect each of the four above presented forms of self-exclusion mechanisms with regard to their organizational and regulatory aspects. Thus, it reveals whether confronting interests exist between the effectiveness of a self-exclusion mechanism on the one part and the pro-privacy-oriented approach concerning processing personal data of self-excluded online gamblers on the other. For this purpose, the research answers the following general research question:

  • How does the application of GDPR principles affect the effectiveness of a self-exclusion mechanism?

To answer the main research question, the following sub-questions need to be answered:

  • What is a self-exclusion mechanism and how it could be organized/regulated?
  • What are the features (advantages and disadvantages) of different self-exclusion mechanisms taking into consideration their organizational and regulatory aspects?
  • What are the postulates of the effectiveness for self-exclusion mechanisms?
  • What are the data protection principles set out by GDPR?
  • How does each of the GDPR principles affect the functioning/effectiveness of each of the proposed forms of self-exclusion mechanisms?

The ultimate impact of the research should be found in its contribution to the regulation of technologies, and in reconsideration of the current legislative approach over the online gambling-related activities.

Keywords

Online Gambling, Self-exclusion mechanisms, GDPR, EU Data Protection Law

Author Bio

Dr. Dusan Pavlovic is a Research Fellow at UNLV’s International Center for Gaming Regulation (ICGR). Also, he works as a Compliance Advisor in the gambling industry. As an expert in the regulatory aspects of online gambling and data protection, he researches and advises on relevant legal requirements about personal data protection, EU Data Protection Regulation, and GDPR. Also, he leads research into global online gambling marketing standards and relevant requirements under national and international gambling regulations.

Dusan has been working as a Research Fellow at the University of Bologna (CIRSFID), Italy and as an External Researcher at Tilburg University (TILT), Netherlands. He developed and carried out his Ph.D. research entitled as ‘Online gambling in EU: from data protection to gambler protection’. His Ph.D. thesis investigates personal data as a method that contributes to the protection of online gamblers, taking into consideration the general goal (and principles) of responsible gambling. Dusan successfully defended his Ph.D. in June 2018 at Tilburg University, Faculty of Law, in the Netherlands. Due to international cooperation among several European universities, Dusan will also be awarded with Joint International Doctoral Degree in Law, Science and Technology issued by the University of Bologna, Italy. The European Commission funded the overall research through the Erasmus Mundus program.

Dusan also holds LL.M. degree in IT Law issued by Leibniz University, Hanover, Germany (Institute for Legal Informatics - IRI) and Master in International Management issued by the Faculty of Economics, University of Nis.

It is worth mentioning that Dusan worked as a Fellow at JAKTA - Association of Gaming Organizers, Authorized Technicians and Producers of Gaming Equipment, Belgrade (Serbia) and still works as a content writer for PravoIKT – Serbian web portal about ICT legal issues such as Privacy, Data Protection, Cloud Computing, Internet of Things, and ICT law in general. Dusan is a member of the European Association for the Study of Gambling (EASG) and the International Association of Privacy Professionals (IAPP). So far, Dusan has presented his scientific work on several conferences and scientific events.

Funding Sources

The overall research is funded by UNLV’s International Center for Gaming Regulation (ICGR)

Competing Interests

The research presents the continuity of the previously conducted research that the author completed during his Ph.D. fellowship carried out at several European universities (University of Bologna, Italy, University of Turin, Italy, Autonomous University Barcelona, Spain and Tilburg University, Netherlands). His Ph.D. fellowship was funded by the European Commission through the Erasmus Mundus project.

Share

COinS
 
May 29th, 11:00 AM May 29th, 12:25 PM

Self-exclusion mechanism and GDPR principles

Caesars Palace, Las Vegas, Nevada

The core of the research is about the interaction between one of the most common measures of responsible gambling, self-exclusion mechanism, and principles of General Data Protection Regulation (GDPR). The principles enshrined by GDPR reflect the contemporary legislative state in the European Data Protection Law with tendencies to become international standards for personal data protection. Thus, the research tends to present how the application of GDPR principles affects the functioning of different types of self-exclusion mechanism.

Self-exclusion mechanisms might be organized in several different ways. Regulatory arrangements on self-exclusion mechanisms may vary from self-regulation to regulations at the international and supranational level. Regulations may limit data processing mechanisms in a manner that affects the accessibility and availability of self-exclusion databases. Thus, for the purposes of this research, the presentation of several different organizations which offer self-exclusion mechanisms are distinguished according to two dimensions – horizontal and vertical. Even though these dimensions are intertwined, the horizontal dimension concerns the connectivity between self-exclusion databases, whereas the vertical aspect concerns the existence of (or lack of) regulations aimed at organizing self-exclusion mechanisms. Taking into consideration both dimensions and their practical variations, a self-exclusion mechanism could be understood as being constructed in the following ways:

  1. Horizontally disconnected; vertically unregulated
  2. Horizontally connected; vertically unregulated
  3. Horizontally connected; vertically regulated
  4. Horizontally disconnected, vertically regulated

The research demonstrates the relation between the implementation of general principles of GDPR on the one part, and the effectiveness of a self-exclusion mechanism on the other. The research presents how the application of GDPR principles affect each of the four above presented forms of self-exclusion mechanisms with regard to their organizational and regulatory aspects. Thus, it reveals whether confronting interests exist between the effectiveness of a self-exclusion mechanism on the one part and the pro-privacy-oriented approach concerning processing personal data of self-excluded online gamblers on the other. For this purpose, the research answers the following general research question:

  • How does the application of GDPR principles affect the effectiveness of a self-exclusion mechanism?

To answer the main research question, the following sub-questions need to be answered:

  • What is a self-exclusion mechanism and how it could be organized/regulated?
  • What are the features (advantages and disadvantages) of different self-exclusion mechanisms taking into consideration their organizational and regulatory aspects?
  • What are the postulates of the effectiveness for self-exclusion mechanisms?
  • What are the data protection principles set out by GDPR?
  • How does each of the GDPR principles affect the functioning/effectiveness of each of the proposed forms of self-exclusion mechanisms?

The ultimate impact of the research should be found in its contribution to the regulation of technologies, and in reconsideration of the current legislative approach over the online gambling-related activities.