GDPR: Headache and huge opportunity

General data protection regulation has affected most of us in the industry. I have a Bitcoin casino, Oshi.io, and at least once a week somebody pitches me about renting an email list. So the recent implementation of GDPR got me thinking about email broadcasting with third-party lists, and the effect GDPR will have on this marketing channel. I’ve also been pondering the knock-on effects of GDPR and how it’s going to affect marketing across the board for years to come.

As a Curaçao-licensed white label I don’t have the constraints of the UK-licensed operators, but GDPR creeps me out. That’s because the chance of contravening this legislation is so high and the penalties for doing so are potentially huge. The regulation is very open-ended, which is a killer for broadcast emails within igaming; it’s also going to wipe out huge chunks of European operator email databases. Its consequences are going to be far-reaching, to say the least. GDPR will affect the whole marketing ecosystem, and as a result you’ll see SEO become even more important.

When I was given the opportunity to write this article, I thought I’d dig into three things: firstly, aspects of GDPR which I think operators are very nervous about. Secondly, what you as an affiliate can do to avoid trouble, and lastly, why ultimately GDPR could be a huge opportunity for you, if you’re shrewd with your SEO. At this point, I should make clear that these are just my opinions. I’m no lawyer, just somebody who has to deal with GDPR.

DATA CONTROLLERS If you are an affiliate with a mailing list, from a GDPR point of view you’re in the same position as me. We are both classified as being “controllers” of data; people who, according to the ICO, “determine the purposes and means of processing personal data.” And what does that mean? Well, you’re the controller if your company directly uses the data for its benefit, or if you’re providing the tools that are required to collect that data. So if you ‘own’ the list, you are responsible for GDPR compliance with that list. So, how do affiliates get the email lists? Having talked to a number of affiliates over the years, it seems they either come by these lists from third-party sources or they build up their own. They do this by running things like competitions where entrants are asked for an email address as a condition of entry. Once you’ve given your email address, expect a flow of marketing communications!

In any case, these email list holders are controllers of data and the odds of users being genuinely opted-in for igaming marketing messages is very low.

As for the risks, you could argue that the EU probably doesn’t have that much resource for policing this legislation. Europe has hundreds of thousands of businesses that are controllers of data, so as some random affiliate with a few email lists why would they bother targeting you? On the other side of the fence, for operators the risks are greater because their businesses are more identifiable. If you have a UK gambling licence then your overall conduct as an operator is accounted for when licences are renewed or when fines are issued. This kind of ambient threat about good conduct is very scary for operators. If you’re not a UK or European licensed operator and you’re working with a Curaçao for Costa Rica licence, for example, then the risks are definitely lower. But back to email lists. Once the email has been sent, it’s out there forever. People save their emails and if you get some activist GDPR group that wants to target a sector, all they have to do is ask for those archive emails. With a bit of detective work, it’ll be quite easy to see who the originator is and who delivered the email. If a relevant igaming licensing authority gets interested in GDPR contraventions, they’re going to pressurise the operator to identify the list seller and on it goes. PROVING GENUINE OPT-IN I’ve asked a number of sellers if their email lists are genuine opt-in and of course they always are! But where’s the proof? Any authentic opt-in list is going to be valuable, but as consumers get more aggressive with their ‘unsubscribes’ those lists are going to dwindle. If this all sounds rather dismal that’s because it is. You have open-ended risk, an easy way of identifying the operators and relatively little return, all things considered. In my opinion GDPR could spell the end of renting third-party bulk email lists within the igaming industry. That said, there is one possible get-out clause. If an operator has users outside of the European Union, then from what I understand as long as the operator is confident about the geolocation of these users, GDPR doesn’t apply. For example, Facebook moved legal responsibility for its 1.5 million users from Ireland to the United States in order to avoid GDPR legislation. The same principle would apply to renting mail lists. If you can confirm the emails are for individuals outside of the EU, then you’re working outside the scope of GDPR. The catch is that you have to be sure that the person you’re emailing is outside the European Union. With a rented email list, how would you get real geolocation confirmation? WHAT’S THE MEGATREND WITH GDPR? So much for the negative stuff, now let’s change gear and look at the upside of GDPR for you as an affiliate. I think GDPR is only a part of a huge decade-long trend away from ‘blanket broadcasting’ to brand awareness, targeted communications and ‘opt-in’ interaction. This idea of opt-in interaction is embodied in disciplines like content marketing, where valuable content that users want is created and distributed. In return for this content, users give you their email address because they want more of the same. Most content marketing doesn’t work in igaming because users don’t want a relationship with you as an affiliate. And if they don’t want a meaningful relationship with you, how are you going to get their email and carry on a conversation? There is one form of opt-in marketing which is extremely successful within the igaming world, though. It’s called organic search. Many users seeing a TV advert or some other marketing message don’t act on it there and then. At some point there is a trigger event where that user thinks ‘I want to gamble with somebody else’ and they voluntarily go to a search engine and start doing their research. However, since most casinos and sports books are more or less the same, there’s little brand loyalty. As a result there are some very attractive new customer offers out there, and consumers know that affiliate websites are generally a good place to start looking. So, they click on the link, fund their account, and as an affiliate you’re getting 25%-50% of the revenue the user generates. Going back to this idea of being a controller of data, think about what happens when a user lands on your affiliate website. You don’t know what key phrase they came in on, but you do know their IP address and some browser configuration information. You know what link they clicked on and that’s about it. Obviously you have to track users with cookies, so you have a privacy policy and acceptance button on your site. Ultimately, with search traffic you don’t have any of the GDPR risk that handling email lists can bring. WHAT ABOUT SEO? If SEO avoids all the aggravation that GDPR brings, then of course operators will spend more on it. However, when you look at any medium or large operator they will want to work at scale. And with the demands of scale comes the importance of accountability. Accountability in marketing simply means ‘I did this, we made that’. If you ever talk to large operators about their paid media spend relative to their organic search, it’s typically at least 10 times more on paid media than SEO. Businesses are comfortable with large paid media spend simply because it doesn’t require that much engagement on their part. Furthermore, there is accountability because everything is tracked; hence you can have a definitive return on investment. What about television, you ask? Well, from a business point of view TV is simple. You pay your money, you do your advertising and you get an uplift. If the TV works, just spend more money. It’s all about scalability. SEO on the other hand is complex, hard to scale and unreliable. On top of the complexity of SEO, we also have the fact that Google can hide the key phrase used to access your site. This means SEO can never compete against AdWords because you never really know what key phrase got you that conversion. In order to embrace SEO, then, a business has to fundamentally accept the lack of accountability the process offers. Of course, affiliates are happy to accept SEO for what it is and that’s why they build whole businesses around ranking. COMPARISON SITES Overall I would say the igaming new acquisition search landscape is mainly geared to comparison sites, ie affiliates. Carry out a bit of keyword analysis around igaming and you’ll see the vast majority of ‘money’ key phrases are comparison ones, such as ‘free bets’, ‘online casinos’ and ‘casino bonus’. It’s arguable that an operator cannot safely run a comparison website. In the past I came across a number of operators who ran their own networks of sites and they seemed to be relatively successful. These networks served a few purposes. They acted as a funnel for traffic into their own brand; they earned the business revenue from driving some traffic to other brands; and they provided cross-linking of domains, which helped with link equity. Now, there may be operators who still run these site networks, but from what I can see the model doesn’t make sense any longer. You see, in light of GDPR there’s this whole bias towards clear disclosure on the intent behind your marketing activity. If an operator deceives users by presenting their network website as an unbiased affiliate, they are creeping into some very dangerous territory with regulators. Cross-linking of domains for SEO purposes is a nice idea, but Google is extremely smart on discounting links of no value. A link was always supposed to be an editorial vote and when the spammers got in, that ‘vote’ was aggressively manipulated until Google’s Penguin algorithm came into force. To be blunt, if I were an operator I wouldn’t go near networks of sites. Another thing to think about, an operator is the ultimate destination for a user and as a result the operator can never deliver legitimate satisfying comparison content because they are never going to promote a competitor! Another reason why operators are happy to let affiliates handle the SEO is risk. The vast majority of revenue to an affiliate is based on revenue share and as we all know revenue share is a retrospective cost. You get your rankings, you drive traffic through to an operator, the traffic converts and revenues are shared. As an affiliate you have taken on the risk and from an accountability point of view operators are happy with revenue share because it’s a clearly understood and scalable cost. BACK TO GDPR With GDPR, an operator has to have an explicit acceptance from their users to receive marketing communications. This acceptance can come in two forms. Firstly, through a user visiting the operator website and accepting the privacy terms and conditions, which means there is a traceable audit trail for anyone inspecting the operator. Secondly, by a user accepting continued email marketing from the operator. In igaming the proportion of active versus inactive customers is huge. From my experience an operator will have maybe less than 5% of all registered customers as active players. Thus the vast majority of email databases belonging to operators will now be obsolete because users won’t have visited the site and will not have ‘re-opted in’ to email communications. The upshot? Operators have vast dead databases of historic players and they can’t safely use rented email lists. On top of all of their email woes, their business model does not allow them to embrace SEO which is the ultimate opt-in channel. Where does this leave you as an SEO-savvy affiliate? In a good place. Operators will need you more than ever. They can’t hammer their old email databases and they can’t compete with you on SEO. Operators might try and give you a tough time about affiliate compliance, and they might play a hard ball game like Sky Bet have done, but I would argue the tide is turning in your favour. As long as you can deliver customers via SEO you help fill a vacuum created by GDPR. Maybe it’s time to renegotiate that revenue share.