MA sports betting operators have been granted an extension by the state’s gaming commission as they attempt to figure out how to comply with what will be the strictest data privacy regulations in the country.
The Massachusetts Gaming Commission granted the operators of MA sportsbooks a temporary 60-day waiver through Nov. 17.
Further detail and implementation plans will need to be provided by operators over that span. The intention is for the commission to hold additional roundtables on the matter.
MA sports betting extension granted
The new, stricter regulations became official on Aug. 8. They were set to go into effect on Sept. 1.
But the operators requested more time due to extensive technological impacts. Multiple operators said it could be a multi-year endeavor.
Two MA operators confirmed to LSR that the Commonwealth will have the strictest regulations on data sharing in the country.
Data privacy regulations explained
Regulation 205 CMR 257 governs sports betting data privacy in Massachusetts.
It states, in part:
- A Sports Wagering Operator shall not share a patron’s Confidential Information or Personally Identifiable Information with any third party except as necessary to operate a Sports Wagering Area, Sports Wagering Facility or Sports Wagering Platform or to comply with M.G.L. c. 23N, 205 CMR, or any other applicable law, regulation, court order, subpoena, or civil investigative demand of a governmental entity.
- If a Sports Wagering Operator shares a patron’s Confidential Information or Personally Identifiable Information pursuant to 257.03(1), the Operator shall take commercially reasonable measures to ensure the party receiving a patron’s Confidential Information or Personally Identifiable Information keeps such data private and confidential, except as required to comply with M.G.L. c. 23N, 205 CMR, or any other applicable law, regulation, court order, subpoena, or civil investigative demand of a governmental entity.
MA sports betting regs pose challenge
Operators opened up about the technological challenges they face in their waiver requests to the commission.
“They were struggling with almost all the issues,” MGC sports wagering division director Bruce Band said. “They actually met as a group and to a licensee they were having trouble figuring out how to implement this, and that’s why they asked for more time.
“Everybody’s software is different, and each one felt they needed more time to approach this intelligently and not have problems with their software after they made some implementations.”
What Caesars said in its request
Caesars’ request reads as follows:
Caesars Sportsbook has developed processes to comply with privacy laws enacted by other states, the Privacy Regulation imposes obligations on gaming operators that are not required anywhere else in the U.S. For example, no state currently limits gaming operators’ use of data to only those purposes that are “necessary to operate” the gaming service, unless the operator has received a separate opt-in consent from the customer. Similarly, no state prohibits sharing of data with third parties unless that sharing is “necessary to operate” the service. As drafted, the Privacy Regulation arguably prohibits many types of ordinary course data use, including loyalty program or other advertising-related purposes.
Caesars Sportsbook does not currently have the necessary technology tools or processes to manage these new opt-in/opt-out and data sharing requirements. Building the front-end functionality to collect opt-in consent across our services and designing, developing, and maintaining the back-end software and procedures to obtain and respect opt-ins/opt-outs will, in each case, be a very complicated, time-consuming project.