Olympic betting scandal and Data Protection
An Irish athlete is under investigation less than 24hrs into the Olympics arising from allegations that they, in effect, bet against themselves.
An anonymous source became aware of the pattern of betting and notified the authorities.
This blog post is being written to help media commentators avoid either putting their feet in it or wasting the scarce time of the Data Protection Commissioner raising spurious enquiries about whether the disclosure of the data in this was legal.
Bluntly – you don’t want to come out swinging against the bookies if they were acting correctly as you’ll look like a fool. And, if they were in the wrong, you don’t want to throw the Data Protection Act around like snuff at a wake as there’s enough bullshit out there about what it is and what it does to fertilise the Rose Gardens in St Anne’s Park until doomsday.
First things first: we need to bone up on some of the law governing gambling, specifically section 11 of the Gaming and Lotteries Act 1956. That legislation makes it an offence to cheat.
11.—Every person who by any fraud or cheat in promoting or operating or assisting in promoting or operating or in providing facilities for any game or in acting as banker for those who play or in playing at, or in wagering on the event of, any game, sport, pastime or exercise wins from any other person or causes or procures any person to win from another anything capable of being stolen shall be deemed guilty of obtaining such thing from such other person by a false pretence, with intent to defraud, within the meaning of section 10 of the Criminal Justice Act, 1951 (No. 2 of 1951), and on conviction shall be punished accordingly.
That is important as Section 8 of the Data Protection Acts permits the disclosure of personal data where necessary to allow the prevention, detection, or investigation of a crime. In this case cheating.
Note: I’m not saying that any cheating actually took place here, just that circumstances appear to exist which seem to require investigation of the possibility of such cheating.
As winning bets were drawn down that might fit the bill under the Gaming Acts.
I always advise clients to have at least two lawful processing conditions to rely on. In this case the bookmakers could probably argue the “Legitimate Interest” grounds… It is in their interest to red flag potential cheating in the placing of bets or rigging of events. And the remedy to that would be to alert the appropriate body who would in turn have a legitimate interest in ensuring the propriety of the Games.
Of course, the complicating factor is that the information was sent to the OCI from an “anonymous email”. If the sender was an employee of the bookmakers then, if they had permission from their employer to alert the OCI then that might be an allowable disclosure. But if they aren’t an employee (for example if they work with the police and came into possession of information relating to an investigation) or didn’t have permission to disclose the details of the athlete then that could be a breach of the Data Protection Acts.
So. Before we start chasing hares that aren’t there, let’s all step back and remember what the law actually is here. Far more important to focus on google and their ‘factual inexactitude’ on street view and the paltry resources of our DPC.
Thus endeth the rant