Sky Betting & Gaming (SBG) has achieved a significant milestone in a recent Court of Appeal decision concerning data protection.

SBG challenged a High Court decision on five different points, and today the Court of Appeal has fully upheld SBG’s appeal on each one.

This ruling is a crucial victory for SBG and a noteworthy development for gambling operators and data controllers in general. To give some context, the claimant, known as RTM, identifies as a problem gambler and filed a lawsuit against SBG, alleging that the company sent them marketing emails without their consent.

RTM argued that they never agreed to receive such communications, making it unlawful. SBG contested this claim. Last year, the High Court determined that SBG’s marketing practices were unlawful because RTM, due to their gambling disorder, was unable to provide valid consent. Essentially, the court found that their condition rendered any decisions regarding consent invalid.

The most significant consequence for gambling operators (and in fact all controllers) is the Court of Appeal’s findings on the test for consent.

The Court of Appeal has wholly rejected any suggestion that the test for consent contains any subjective element. The test for legally valid consent is an entirely objective one and is set against the criteria in the UK GDPR.

The Court of Appeal concluded that what a controller knows or ought reasonably to know about a data subject is not relevant when considering whether consent was freely given. Effectively, the test for valid consent is an objective one without any qualification.

The judgment provides certainty for controllers when obtaining consent. Controllers should assess the information they provide to data subjects about processing on the basis of consent and their mechanisms when obtaining consent. If these, objectively, result in data subjects’ consent being specific, informed, unambiguous and freely given, then controllers can have greater confidence that their processing complies with the UK GDPR and PECR