UK Department for Education heavily criticized by Watchdog for allowing unauthorized use of teenagers' data for gambling age verification purposes.

There is no doubt that the UK gambling sector has made great strides around safer gambling in recent years. Individual betting brands, for example, have introduced measures like deposit limits to help protect customers and they now also carry lots of information about responsible gambling on their platforms.

While the brands involved in UK gambling are picking up praise for their efforts in this area, the news that saw the Department of Education reprimanded for breach of data protection laws was less encouraging.

DfE criticised for data breach involving teenagers’ information

The Department for Education is one of the most important branches of the UK Government. For it to be criticised so publicly for allowing the unauthorised use of teenagers’ sensitive data within the gambling sector is almost unheard of. But what did Watchdog have to say?

In short, the DfE were pulled up for a serious breach of data protection laws that saw it allow a company, which provides age-verification services to UK gambling firms, access confidential data on teenage children. This is something that is thought to have impacted millions of young people in the country. Although it was strong in its rebuke of the Department for Education, Watchdog stopped short of imposing a £10 million fine.

As you can imagine, this news shocked the gambling industry itself and is something that they were quick to condemn. Speaking for top online casino comparison site casinotopsonline.com, Giuseppe Faraone noted that “This is not something that anyone involved in the modern gambling sector wants to hear and is even more surprising when you think that a top Government department is behind the error.”

Watchdog highlights woeful data protection at DfE  

There is no doubt that reports of 'woeful' data protection standards at the DfE will not go down well in Downing Street. While the department may have not been hit with a major fine, they will be unlikely to be so lucky if it happens again.

But what exactly caused such a major stir? An Information Commissioner’s Office exposé found that there has been prolonged misuse of up to 28 million children’s personal data in the UK from the countries Learning Record Service. This misuse of information related to confidential data from the LRS being used by the employment screening company, Trustopia, to deliver age verification details to the GB Group. The GB Group are key in the UK gambling industry for helping gambling brands verify that customers are over 18.  

While age verification is important for safe gambling and the protection of children, it goes without saying that LRS data (which is only for educational purposes) should not have been misused in this way. It is also clear that the Department for Education should not have passed this data on and breached data protection rules.

Reprimand for DfE end of a long process

This issue first came to light in a Sunday Times report from 2020, when the links between the data leaked from the LRS to Trustopia, and then to the GB Group, were discovered. This saw the Information Commissioner’s Office launch an investigation into the claims and, recently, return its findings. Interestingly, Watchdog found that Trustopia had access to the LRS database for more than a year.

In its findings, the ICO also stated that the information was shared without the required controls and that the Department for Education failed to prevent a major data breach. The ICO investigation also found that the processes put in place around data protection at the DfE were very poor.

In the department’s defence, the investigation did find that Trustopia had told them that it was the new trading name of a training provider that they had used previously. This does not offset the lack of checks that were then carried out to prove the validity of this or what the data was being used for. Although the ICO had considered investigating Trustopia as well, this company has since dissolved, which meant that no regulatory action was possible.  

Major data breach from Department for Education

There is no doubt that allowing the unauthorised use of teenagers’ private data for gambling age verification purposes is a major blunder by the DfE. It must now be hoped that they tighten up their procedures around data protection so that it does not happen again. Although age verification is a key part of enabling a safer gambling industry in the UK, it must, of course, be done in a compliant way by all involved.

Gideon Wood - info@responsibleentertainment.com

Responsible Entertainment Limited is a news-and-marketing based company dedicated to divulging key industry information related to the iGaming and sports betting sectors.

Tags: