• Blog
  • Privacy
  • UK Online Betting Giants Share PII with Facebook without Consent

UK Online Betting Giants Share PII with Facebook without Consent

Onn Nir

Onn Nir

Content Manager

  • February 24, 2025
  • 4 min read
  • February 24, 2025
  • 4 min read
UK PII: online gambling
Share article
twitter linkedin medium facebook

Well-known gambling firms in the UK have been caught oversharing their website visitors’ personal information with Facebook’s parent, Meta, and passing it on to the web giant without first obtaining their permission. It looks like the problem is widespread. After testing 150 UK-based online betting company websites, including Ladbrokes, Sky Bet, BetVictor, Tombola, and Bet365, the Guardian newspaper discovered that 52 of them were automatically sharing data with Meta in what appears to be a blatant violation of European data protection laws.

Profiling Gamblers

The Guardian characterizes Meta as using this improperly obtained customer data to profile users so that once it has identified them as gamblers, it can target them with dozens of adverts for web casinos, online bingo, and similar gambling services. The article also argues that Meta is guilty of facilitating this kind of abuse by kicking the responsibility for obtaining user consent back to the gambling companies, absolving itself of responsibility by pointing to its terms and conditions.

Whether that’s true or not, it does have a point. Any business that places tracking technologies like pixels and cookies on its websites must comply with data protection laws or expect big regulatory fines (Meta itself holds the record for this, a staggering $1.3 billion levied by the Irish Data Protection Commission in 2023).

Consumer Protection

GDPR requires website owners to obtain clear, informed consent from every site visitor, via one of the familiar consent forms that appears (or should appear) whenever they open up a website that uses tracking. Although these checkbox exercises may feel like an annoying hurdle to consumers, they are an important piece of consumer protection. User data is so valuable that some businesses are tempted to bend the rules to get it, making this kind of protection a must, but they’re also a protection for companies that want to steer within the law, safeguard user data, and avoid fines.  

User consent forms tell website visitors exactly what their data will be used for and crucially allow them to opt out of sharing it with one, many, or all of the listed advertisers and marketing companies. But the Guardian’s reporter found that when he visited one of the websites of the “guilty 52,” the Meta Pixel shared his data with Meta anyway.

Ignorance or Arrogance?

When the paper reached out to the companies for comment, many of them rectified their mistakes, but some either claimed to be compliant or declined to comment. One called Hollywoodbets claimed that it did give users the chance to opt out of tracking, but when the user tried this it didn’t seem to make any difference. The pixel still shared their data with Meta and was followed by a flurry of gambling-related ads appearing on the user’s Facebook page.

The Problem with Pixels

Most website owners rely on tracking technologies like pixels to optimize their marketing campaigns, provide analytics, and improve the user experience, but even those who aren’t blatantly disregarding data protection guidelines could be playing with fire. Some of the companies in the Guardian’s sample seemed to have been guilty of configuration errors rather than knowingly targeting gamblers, and this is all too easy to do.

Marketing and security teams in the same company may have different priorities when it comes to pixel use, and each may not communicate what they’ve been doing with the other. This can lead to pixels collecting more data than they should, sometimes because everyone has forgotten about them. While fines are usually lower for this kind of mishap (up to €10 million or 2% of the organization’s annual global turnover, whichever is higher) they are still best avoided.

Putting Pixels in Their Place

Reflectiz can help keep pixels and other tracking technologies in line, so your website doesn’t over-share information with Facebook and other providers for any reason. Its upcoming release is a brand-new Privacy Dashboard that hugely simplifies the problem of monitoring all tracking tools.

Reflectiz already maps every one of these technologies (including the forgotten ones) and alerts website owners before any misconfigured cookies, pixels, and tag managers can leak user data without authorization and land them in hot water with the regulator.

No matter how many websites your business may have, the new Privacy Dashboard gathers them all in one place for optimal governance, monitoring, and detection of misconfigurations, errors, oversharing of PII, and more. This valuable update improves and simplifies risk management and regulatory compliance, two things you definitely don’t want to gamble with!

Subscribe to our newsletter

Stay updated with the latest news, articles, and insights from Reflectiz.

Related Articles

New PCI DSS Guidance – Payment Page Security And E-Skimming Prevention
  • March 13, 2025
  • 4 min read

New PCI DSS Guidance – Payment Page Security And E-Skimming Prevention

CISO’s Expert Guide To CTEM And Why It Matters
  • March 11, 2025
  • 3 min read

CISO’s Expert Guide To CTEM And Why It Matters

The .5 Billion Bybit Hack: Lessons from History’s Largest Crypto Heist
  • March 3, 2025
  • 4 min read

The $1.5 Billion Bybit Hack: Lessons from History’s Largest Crypto Heist

PCI DSS 4.0: Insights from Melbourne and Sydney Roundtables
  • February 19, 2025
  • 5 min read

PCI DSS 4.0: Insights from Melbourne and Sydney Roundtables

Your Website looks great!

But what’s happening behind the scenes?

Discover your website blind spots and vulnerabilities before it’s too late!

Try for free
linkedin twitter

All rights reserved 2024 © Reflectiz

Book a Demo

Book a Demo