Connect with us


Massachusetts Wagers Big On Privacy In Sports Betting – Gaming – United States



To print this article, all you need is to be registered or login on

Listen to this post

The Massachusetts Gaming Commission approved data privacy regulations under the 2022 Massachusetts Sports Wagering Act earlier this
fall. While directed to a narrow group of companies, the
restrictions around use of artificial intelligence, profiling and
breach notification suggest the types of concerns that we may see
other regulators focus on in other industries.

The law was passed last year to legalized sports betting in the
state. It also placed obligations on how covered entities handle
personal information. Entities covered by the law, and thus
impacted by these regulations, are those who run physical or
virtual sports wagering establishments in or directed towards those
in in Massachusetts. Under the law, the gaming commission was given
regulatory authority. The regulations from this fall spell out how
to meet the protection obligations of the law. Namely:

  • Limit how information is used. Operators may
    use and keep patrons’ information only to operate their sports
    wagering platforms. If they wish to use information for other
    reasons, they must get consent. Consent must be “clear and
    conspicuous” and not part of another agreement. The rules
    specifically prohibit relying on acceptance of terms for this kind
    of consent. Operators are also prohibited from using actual or
    predicted behaviors to encourage wagers or to serve marketing. Of
    particular concern was putting patron information into AI systems
    to make gaming more addictive.

  • Protect information. Operators must develop
    and maintain data privacy and security policies. These policies
    must address employee training, incident response procedures, and
    technical and organization measures for protecting

  • Notify in the event of a breach. Operators
    must notify the Massachusetts Gaming Commission and begin an
    investigation within 5 days of a suspected data breach. A
    breach is the same as under the state’s breach notification
    law, namely unauthorized acquisition or use of computerized
    personal information. (That law, as many know, and like most breach
    notification laws, has a specific definition of personal

  • Limits on data sharing. Under the regulations,
    operators can share patrons’ information only as necessary to
    operate the sports wagering establishment or platform and only if
    there is a written agreement in place with the recipient. That
    agreement must include, inter alia, a promise that the
    vendor will protect the information and have data security program
    and incident response procedures in place. Operators must also
    encrypt or hash information before sharing.

  • Patron rights. Similar to rights found in state comprehensive laws,
    patrons have the right of access and correction. The law also
    provides for the right to have information deleted and to have use
    limited. These rights need to be communicated online.

  • Promoting responsible gaming: The law requires
    sports wagering operators to compile and aggregate patrons’
    personal information and analyze it for purposes of developing
    programs to help people with gambling addiction.

Putting it into Practice: While applicable only to those
sports wagering operators, these requirements highlight concerns
that are on the minds of all regulators. This includes restrictions
on use of artificial intelligence and concerns about using
behaviors and profiling to influence behavior.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Media, Telecoms, IT, Entertainment from United States

UPDATE: Judge Wilken Renders Additional Decision Against NCAA

Lewis Brisbois Bisgaard & Smith LLP

U.S. District Judge Claudia Wilken of the Northern District of California has continued her ongoing pattern of decisions against the NCAA by granting class-action status for the damages portion of the ongoing House v NCAA action.

NCAA’s NIL Troubles Continue

McLane Middleton, Professional Association

Effective July 1, 2021, the NCAA adopted its new “interim” name, image and likeness (“NIL”) policy. The policy, in accordance with applicable state legislation, allows prospective…

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *