European Gaming Lawyer magazine EGL_Spring2017_opt | Page 10

The General Data Protection
Remote Gaming Operators
by
T
he regulatory environment for remote
gaming operators in Europe has been
signifi cantly unclear during the last
decade(s). Th e legal regime of many
member states still does not comply
with the freedom of services granted under Union law.
Th erefore, there has been a tendency of remote gaming
operators to put the focus of their strategy on how to
survive under nebulous and diffi cult legal circumstances.
Th is might be the reason why in the past data protection
issues were not treated with high priorities even though
remote gam(bl)ing is nothing other then a permanent
processing of personal data.
Th e General Data Protection Regulation (GDPR)
marks a turning point in the relevance of data
protection law.
I. General Information
After long lasting discussions the GDPR was
adopted by the European Parliament on 14 April
2016, published in the Official Journal on 4 May
2016, came into force on 25 May 2016 and will
apply from 25 May 2018 (Art. 99). Different from
the old Data Protection Regulation of 1995 the
new Directive does not need to be transposed by
the Member States into national law. The GDPR
includes 99 Articles (instead of 34 Articles in the
old Regulation) and a high number of 173 Recitals
which almost make up 40% of the complete
published text.
Th e aim was to modernise and harmonise
data protection law in the EU. However, it
seems questionable to which extent a EU wide
harmonisation will be achieved since the GDPR
includes nearly 50 opening clauses which allow the
Member States to specify, to complete or even to
amend regulations of the GDPR