Hand Histories and the Data Portability Issue
With hand histories and HUDs (heads-up displays) being a hot news topic in recent weeks, it’s time to revisit the issue, but from a new perspective: The applicability of “data portability” laws to online-poker hand histories and players’ possible rights to such data from the poker sites on which they’ve played. It may well be an important future consideration as Euro-facing sites continue to seek ways to battle the poker-environment battles caused by various third-party software programs.
Earlier this week, we saw the winds of change blow from two directions at once. Partypoker has just installed a significant round of software changes that aim to make HUDs all but unusable, without technically banning them, which has led to massive pushback from the software-driven cloud, which among other arguments, has broached the topic of transparency when it comes to policing the game and catching cheaters and colluders. (Party has since announced tentative plans to make a modified form of hand history available via a re-player to address some of the backlash.)
Meanwhile, over at the Microgaming Poker Network, they’re going to reinstall hand-history availability that had previously been limited. MPN’s move, in large part, is designed to address some of the very same transparency and privacy concerns that may well be the proverbial sticky wicket in party’s otherwise well-planned scheme.
One note of interest in MPN’s reversal was a mention of the data-portability issue, so that’s where the digging led to next. I’ve since been in touch with a couple of well-placed people within the European online-poker scene, and that led me to a law passed in 2016, the General Data Protection Regulation (GDPR). The GDPR, to paraphrase one of my sources, was created as an EU-wide response to the data abuses practiced by United States-based Facebook, which is indeed the reigning and undisputed king of noxious business practices pertaining to social media.
As this anonymous source put it, there’s now an EU-wide requirement that users can take their data out of a service and reuse it elsewhere. It was enacted because of Facebook-created barriers, meaning that one could not easily export private information — photos, posts, etc. — from Facebook and into another social media service, despite Facebook’s own prolific sales and abuse of the same user data. Now, with the GDPR in place, Facebook and other social-media sites are forced to have tools through which users can download their own data.
No doubt you, the reader, can see where this line of thought leads. Do hand histories count as personal data? Well, maybe, and in MPN’s case, at least, it appears the network is playing it safe, partypoker perhaps less so.
According to said source, “The law was not designed with hand histories in mind and it is questionable whether hand histories can be considered ‘personal data’. But  it’s reasonable to assume that it applies to online gaming companies….” By not providing hand histories at all, Euro-facing online pokers might face some sort of legal risk. Also noted is that various European countries require data retention for extended periods; in the United Kingdom’s case, that’s one year.
This makes for an interesting circumstance regarding hand histories… and who owns them. Such histories are certainly not owned by “the public,” so screen-scraping data gatherers and third-party hand-history gatherers still have no claim whatsover to hand history data. Participating players might have some ownership rights, but then again, they might not. The issue has never been tested in a legal sense.
However, there’s still one more twist to consider, and it should temper further the enthusiasm any hand-history accumulator might be feeling by reading this conjecture. The GDPR might provide an avenue to players obtaining their own data, but by the same measure, those rights would almost certainly not extend to the hole cards of their opponents at any given table, the rights to which would belong individually to those other players instead. So assuming the GDPR somehow does apply, it might only result in the forwarding of one’s own cards and wagers, hand after hand, session after session.
As for analyzing the finer points of one’s play, such an abridged hand history would have only limited applicability. It might even come out looking like an extremely detailed profit/loss statement, rather than the analysis-friendly data stream such users would prefer. Data portability, as it applies to online poker, appears to be a double-edged sword.
All this remains just a theoretical, though it’ll be an interesting tale to follow if a legal challenge along these lines does emerge.
(The opinions offered here are those of the author and do not necessarily represent the opinions of the owners of Flushdraw.)