The Information Commissioner's Office (ICO) said it is concerned that the companies may not be using personal data in accordance with the Privacy and Electronic Communications Regulations (PECR).
The ICO said it has written to more than 400 businesses believed to be promoting online gambling websites asking them to disclose "how they use people’s personal details and send marketing texts". It said it also wants details on where those businesses have sourced the personal data they use and how many marketing texts they have sent.
"The ICO is writing to companies identified as being involved in affiliate marketing," the watchdog said in a statement. "This is when firms offer to pay organisations that bring them new customers, sometimes leading to a situation where neither party is taking any responsibility for complying with the rules. The gambling sector is an area where the ICO has become aware of particular problems around affiliate marketing."
David Clancy, ICO anti-spam investigations manager, said the watchdog had been able to progress its investigations to the point of writing to businesses "thanks to consumers who’ve reported spam texts to us, as well as intelligence from other sources".
Gambling law expert Audrey Ferrie of Pinsent Masons, the law firm behind Out-Law.com, said the ICO's initiative "chimes with the messages" presented by the Gambling Commission at a conference it hosted in Birmingham earlier this week.
Gambling Commission chief executive Sarah Harrison made it clear at the conference that the regulator expects gambling operators to put consumers at the centre of their decision-making and explained that the Commission intends to levy higher penalties in cases of non-compliance with licensing and regulatory obligations in future.
"You need to raise your ambitions and your sights higher," Harrison said in a speech (7-page / 117KB PDF) at the conference. "You need to step up the pace of change - in how you handle customer complaints; ensure advertising is clear; simplify terms and conditions; develop your risk management strategies on money laundering; evaluate the impact of social responsibility initiatives - and, working across all these areas, in how you do more to share best practice."
Ferrie said Harrison's messaging could also apply to the use of personal data for marketing purposes by gambling operators.
Under PECR the ICO can fine businesses and other organisations up to £500,000 for serious breaches of the rules, which include in relation to the sending of unwanted marketing emails and texts or live and automated marketing phone calls to individuals. The rules generally prohibit organisations from transmitting or instigating the transmission of unsolicited communications to consumers for the purposes of direct marketing by means of electronic mail unless the person receiving the mail has notified prior consent for the messages to be sent.
David Clancy of the ICO said: "Companies must comply with the law when using people’s personal information. Not knowing the law or trying to pass the buck to another company in the chain is no excuse. The public expect firms to be accountable for how they obtain and use personal data when marketing by phone, email or text. Fail to be accountable and you could be breaking the law, risking ICO enforcement action and the future of your business."