The ICO exists to empower you through information.

The Information Commissioner’s Office (ICO) has today backed proposals for the financial sector to share data with gambling companies to protect customers from unaffordable losses.

In a letter to industry body UK Finance, the ICO has confirmed that data protection law does not stop gambling companies from conducting financial risk checks on customers, and that lenders can share people’s personal information – but this must be done transparently and proportionately.

“Problem gambling has devastating consequences for people’s finances, relationships and health. We are keen to see the financial sector share data to protect people from unaffordable losses and spiralling debt.”

- Stephen Almond, Executive Director of Regulatory Risk at the ICO

The ICO has been working with the Gambling Commission on the design of privacy safeguards for financial risk checks. Gambling companies will only be permitted to use personal information they receive solely for the purpose of financial risk checks. And customers will need to be told that checks on their financial health may be undertaken where they incur significant losses.

The ICO has also lent its support to plans for gambling companies to share information about customers identified as high risk who are gambling across multiple sites. In a report published today, the ICO set out its advice to the Betting and Gaming Council on the necessary safeguards required to share personal data between different operators.

Stephen Almond, Executive Director of Regulatory Risk, added:

“Data sharing can be a force for good, enabling organisations to protect people from gambling-related harm. We’ve been pleased to work with the Betting and Gaming Council through our Regulatory Sandbox to help them safeguard gamblers while upholding their rights to privacy.”

Following the completion of the Sandbox pilot, the data-sharing project – now known as GamProtect – will be implemented across the gambling industry with support from the Betting and Gaming Council.

Notes to editors

About the Regulatory Sandbox
  • The Regulatory Sandbox is a service suited to organisations who intend to, or are in the process of, developing innovative products and services using personal data for the benefit of the public.
  • We can support innovators who might be at the pre-launch research phase, right through to launch, with ongoing support and detailed feedback provided over a longer-term period.
  • We welcome Expressions of Interest from start-ups, small or medium organisations and large organisations, across private, public and voluntary sectors and you can read about our key areas of interest – which include emerging technologies and exceptional innovators.
About the ICO
  • The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  • The ICO has specific responsibilities set out in the DPA 2018, the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  • The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement, and audit.
  • To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to