Code of Massachusetts Regulations
205 CMR - MASSACHUSETTS GAMING COMMISSION
Title 205 CMR 257.00 - Sports Wagering Data Privacy
Section 257.02 - Data Use and Retention

Universal Citation: 205 MA Code of Regs 205.257

Current through Register 1531, September 27, 2024

(1) A Sports Wagering Operator shall only use and retain Confidential Information and Personally Identifiable Information for legitimate business purposes necessary to operate or advertise a Sports Wagering Area, Sports Wagering Facility or Sports Wagering Platform, or to comply with M.G.L. c. 23N, 205 CMR, or any other applicable law, regulation, court order, subpoena or civil investigative demand of a governmental entity, to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity, debug to identify and repair errors, to investigate, respond to and defend against filed or reasonably anticipated legal claims, and for other reasonable safety and security purposes. In addition, use and retention of a patron's Confidential Information or Personally Identifiable Information may be permissible where necessary to conduct commercially reasonable review of a Sports Wagering Operator's assets in the context of the sale of all or a portion of the Sports Wagering Operator's business.

(2) If a Sports Wagering Operator seeks to use a patron's Confidential Information or Personally Identifiable Information for purposes beyond those specified in 205 CMR 257.02(1), a Sports Wagering Operator shall obtain the patron's consent, which may be withdrawn at any time.

(a) Consent may be obtained for categories of uses, rather than specific instances of such uses.

(b) Such consent must be clear, conspicuous, and received apart from any other agreement or approval of the patron. Acceptance of general or broad terms of use or similar documents that purport to permit the sharing of Confidential Information or Personally Identifiable Information in the same document shall not constitute adequate consent, nor shall hovering over, muting, pausing, pre-selecting, or closing a given piece of content without affirmative indication of consent.

(c) Consent shall not be deemed to be a waiver of any of the patron's other rights.

(d) The option to withdraw such consent must be clearly and conspicuously available to the patron on the Sports Wagering Operator's Sports Wagering Platform. A patron shall not be required to confirm withdrawal of consent more than once, and no intervening pages (other than those needed to confirm withdrawal of consent) or offers will be presented to the patron before such confirmation is presented to the patron.

(3) A Sports Wagering Operator may not use a patron's Personally Identifiable Information or Confidential Information, or any information derived from it, to promote or encourage specific wagers or promotional offers based on:

(a) a period of dormancy or non-use of a Sports Wagering Platform;

(b) the wagers made or promotional offers accepted by other patrons with a known or predicted social connection to the patron;

(c) the communications of the patron with any third party other than the Operator;

(d) the patron's actual or predicted:
1. income, debt, net worth, credit history, or status as beneficiary of governmental programs;

2. medical status or conditions; or

3. occupation.

(e) Any computerized algorithm, automated decision-making, machine learning, artificial intelligence, or similar system that is known or reasonably expected by the Sports Wagering Operator or a vendor to the Sports Wagering Operator to make the gaming platform more addictive;

(f) Engagement or utilization of play management options, including type of limit, frequency of engagement or utilization of play management options, and frequency of changing limits;

(g) Engagement or utilization of cooling-off options, including duration of cooling-off period, frequency of engagement or utilization of cooling-off options, and frequency of changing cooling-off periods;

(h) Engagement or utilization of any measure in addition to those described in 205 CMR 257.02(3)(f) and (g) intended to promote responsible gaming.

(4) A Sports Wagering Operator shall collect patrons' Confidential Information and Personally Identifiable Information to analyze patron behavior for the purposes of identifying and developing programs and interventions to promote responsible gaming and support problem gamblers, and to monitor and deter Sports Wagering in violation of M.G.L. c. 23N and 205 CMR. The Sports Wagering Operator shall provide a report to the Commission at least every six months on the Sports Wagering Operator's compliance with 205 CMR 257.02(4), including the trends observed in this data and the Sports wagering Operator's efforts to mitigate potential addictive behavior, but shall not, in such report provide patrons' Confidential Information or Personally Identifiable Information except if specifically requested by the Commission.

Disclaimer: These regulations may not be the most recent version. Massachusetts may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.