Memorandum of Understanding Kansspelautoriteit - Malta Gaming Authority
Malta Gaming Authority of Building SCM02-03, Level 4, Smart City Malta, Ricasoli Kalkara SCM1001, Malta (“MGA”);
De Kansspelautoriteit, Rijnstraat 50, 2515 XP, The Hague, the Netherlands (“KSA”);
Each a “Party” and together the “Parties”.
The Malta Gaming Authority is a public authority established by the Gaming Act (Chapter 583 of the Laws of Malta), empowered by the same Act to regulate the gaming sector in Malta.
The Kansspelautoriteit is an independent governance body and is the regulatory and supervisory authority of games of chance in the Netherlands.
The Parties agree that cooperation between the two regulators is beneficial to their respective objectives as set out further on in this Memorandum of Understanding (hereinafter ‘MoU’);
The Parties agree that cooperation includes the exchange of information between the Parties, when legally permissible in terms of the laws and policies of the respective Parties, and this MoU sets out the parameters within which the Parties will share information, and their respective rights and obligations in respect of such information (including the safeguarding and security of the same).
THE PARTIES ARE HEREBY AGREEING THAT:
The Parties share common objectives and values in regulating the gambling sector within their respective jurisdictions to, inter alia, prevent criminality, ensure consumer protection and protect vulnerable persons against gambling addiction;
The parties recognise that in view of the international nature of gambling business, in terms of ownership, effective control, as well as technological and operational infrastructure, there is a strong need for international regulatory cooperation;
The parties recognise that although each party is subject to different laws, as applicable in each respective jurisdiction, the parties will focus on common ground; AND
It will be mutually beneficial and in pursuit of the statutory objectives of both parties to cooperate as further set out in this MoU.
For the purposes of this MoU, ‘personal data’, ‘data subject’, ‘special categories of personal data’, ‘personal data relating to criminal convictions and offences’, ‘processing’ and ‘data controller’ have the meanings given to them in the General Data Protection Regulation (EU) 2016/679 (“GDPR”);
“Data Security Breach” shall mean a breach of security leading to the accidental or unlawful destruction, alteration, unauthorised disclosure of, or access to the Shared Personal Data;
“Person” shall mean any physical person or corporate body;
The parties agree to cooperate in the interest of fulfilling their respective regulatory mandate regarding the licensing and supervision of the gambling sector.
The parties agree that the nature of this MoU does not create any legally binding obligations, confer any rights, or supersede domestic laws, but is an expression of the parties’ intention to cooperate.
The parties will, inter alia, and where appropriate and on a case by case basis:
Support each other in the sharing of best practices;
Share information in support of each of the parties’ responsibilities at law;
Engage in discussions on policy matters of interest to both parties;
Provide operational assistance where possible; and
Promote a culture of cooperation between the two authorities.
2.4 The parties recognise the importance of cooperation concerning individual operators, and may consult on a case by case basis and when appropriate on the following matters:
General regulatory standing during an onboarding procedure, or as part of on-going supervision;
Regulatory matters that may impact an operator’s standing with the other party, or the operations of that other party, such as the finding of a major compliance breach;
Mutual operational assistance and coordination for operators jointly authorised by both parties, in matters such as on-site auditing or access to data when such operators are physically present in the parties’ respective territories; and
Other areas of mutual supervisory interest such as anti-money laundering, responsible gambling and sports integrity.
2.5 Nothing in this MoU shall prejudice the obligations of each party to ensure that whenever they are requested to share information with the other party to this MoU, they shall only do so lawfully and in line with the requirements under all applicable law and processes of that same party.
2.6 This MoU does not modify or supersede any laws or regulatory requirements in force in, or applying to, the jurisdiction of the Netherlands or Malta. This MoU shall not create directly or indirectly enforceable rights, torts, actions for damages or a reason to be declared suited in any lawsuit.
2.7 The Parties acknowledge and agree that the information sharing between them as referred to herein, may involve the sharing by one Party to the other Party of certain personal data, including certain special categories of personal data and personal data relating to criminal convictions and offences (the “Shared Personal Data”) in connection with the relationship. Any and all sharing of information (including any Shared Personal Data) pursuant to this MoU will be undertaken solely in connection with the scope laid down in this MoU, and strictly for the Permitted Purposes (as defined below).
2.8 The Parties further acknowledge and agree that both Parties are each respectively acting in the capacity as a data controller in respect of their processing of such data. The provisions in this MoU are necessary to establish the parameters by which the Parties are to operate in order to effectively safeguard the exchange of information between the Parties.
EXCHANGE OF INFORMATION
3.1 Each Party recognises the need and desirability for the provision of both policy and operational matters through ongoing exchange of information and mutual assistance in securing compliance, administration and enforcement of their respective laws, regulations, requirements and its overall policy relating to Gaming and Gambling.
3.2 The Parties agree to abide by the following protocol in respect of the request and exchange of any information pursuant to this MoU:
3.2.1 Information Request – the Party requesting information must submit a written request (including in an electronic format) through their designated single point of contact (“SPOC”) to the other Party’s SPOC (in such format as agreed between the Parties from time to time, acting reasonably), or a SPOC’s delegate;
3.2.2 Exchange – The exchange and transfer of the information provided by the Parties pursuant to this MoU will be via the Parties’ SPOCs and by means of secure portal or other secure communication method.
3.2.3 Requests in writing (including in electronic format) shall include;
Any background and information to the request that may help the Requested Party with the request or assistance and must clearly identify Person(s) and specific questions needing to be answered;
The purpose for which the information or assistance is sought;
A description of any particular conduct or suspected conduct which has given rise to the request, and its connection with the jurisdiction of the Requesting Party;
The relevance of the requested information or assistance to any suspected breach of law, regulation or requirement of the Requesting Party;
Any other matter specified by the laws or regulations in the jurisdiction of the Requested Party; and
Any information related to the urgency of the request for information or assistance.
3.3 Each Party warrants and represents that it has all necessary rights, consents and permissions to share information referred to in this MoU with the other Party and that the other Party is entitled to use such information in the manner envisaged by this MoU.
3.4 Each Party warrants and represents that it shall only use the shared information for the relevant Permitted Purposes and shall not use such information for any other purpose unless it has obtained the other Party’s prior written consent. This request is to be submitted in the form of a written (including via electronic means) notice and must be justified on a legal basis in accordance with data protection legislation.
3.5 Each request shall be assessed on a case by case basis by the Requested Party to determine whether assistance is permissible by law and whether assistance can be provided under the terms of this MoU.
3.6 Either Party may propose a program for the joint, cooperative or collaborative development of operational and technical standards for gaming, requirements and similar matters where this will enhance the integrity, consumer protection, AML, anti-crime measures, and measures that reduce unnecessary duplication of requirements for gaming service providers.
4.1 The Parties shall undertake, for the duration of the MoU and after, to keep confidential any Confidential Information relating to the other Party which it obtains under or in connection with this MoU and not to use such information or disclose it to any other Person, other than as permitted under this MoU.
4.2 The Parties shall operate under the principles and specific requirements of the General Data Protection Regulations (and relevant domestic law enacted such provisions) with regards to the control and transfer of personal data.
4.3 The Requesting Party may disclose any Confidential Information related to and, or transmitted to it by the Requested Party:
4.3.1 to its employees, sub-contractors, officers, representatives or advisors who need to know such information for the purpose of exercising that Party’s duties, or activities in connection with this MoU. Each Party shall ensure that its employees, sub-contractors, officers, representatives and/or advisors to whom it discloses the other Party’s Confidential information are subject to the same confidentiality obligations;
4.3.2 as may be required by law, a court of competent jurisdiction or any other governmental, law enforcement or regulatory authority.
4.4 For the purposes of this MoU, “Confidential Information” shall mean in relation to each Party, all information (whether written, oral or obtained by observation or another means and whether directly or indirectly) whether disclosed/obtained before or after the date of this MoU which concerns the business, financial affairs, intellectual property, suppliers or licensees of that Party or which is otherwise confidential in nature, including the existence and provision of this MoU. Information will not be considered Confidential Information if it is already in the public domain at the time of disclosure or enters the public domain other than by breach of any confidential obligation.
4.5 The MoU sets out the potential legal basis for information sharing, but it is for each party to determine for themselves that any proposed disclosure is compliant with the law.
4.6 Confidential Information may be otherwise shared, transmitted or used beyond the Permitted Purposes if this is done with the explicit and written (including electronic) consent of the Requested Party, and in compliance with applicable laws of the respective jurisdictions among which laws on personal data and confidentiality.
PERMITTED PURPOSES & DATA PROTECTION
Each Party will operate under the principles and specific requirements of the EU General Data Protection Regulations (GDPR) (and relevant domestic law enacting such provisions) with regards to the control and transfer of personal data.
This MoU should not be interpreted as imposing a requirement on either Party to disclose information in circumstances where doing so would breach their statutory responsibilities. In particular, each Party must ensure that any disclosure of personal data pursuant to these arrangements fully complies with the GDPR and the relevant domestic law. The MoU sets out the potential legal basis for information sharing, but it is for each Party to determine for themselves that any proposed disclosure is compliant with the law, and the specific Party’s internal procedures.
COMMENCEMENT AND TERMINATION
6.1 This MoU will take effect as soon as the Netherlands Remote Gambling Act enters into force and shall continue to have effect unless terminated by one of the Parties in writing and with notice at least giving thirty (30) days advance to the other Party.
6.2 The Parties may review and amend the MoU by mutual agreement in writing.
Neither Party shall make any public statement about or otherwise publicise this MoU (including its existence or any of the matters detailed within it) without the prior written consent of the other Party.
INDEMNIFICATION/LOSS AND UNAUTHORISED RELEASE
Each party shall fully indemnify and shall hold harmless the other Party for all liability, loss, damage, costs, expenses or fines that may arise due to fault, willful misconduct, wrongdoing, or negligence on their part in the processing of personal data subject to this MoU.
Nothing in this Clause shall limit or exclude any liability for fraud or fraudulent misrepresentation, death or personal injury caused by negligence and any matter for which it would be unlawful for the Parties to exclude liability.
Without prejudice to any other rights or remedies that a Party may have, each Party acknowledges and agrees that damages would not be an adequate remedy for any breach of terms of this MoU by the other Party.
This MoU constitutes the entire agreement between the Parties.
Each party acknowledges that in entering into this MoU it does not rely on, and shall have no remedies in respect of, any representation or warranty (whether made innocently or negligently) that is not set out in this MoU.
Neither Party shall have any claim for innocent or negligent misrepresentation based upon any statement in this MoU.
No variation of this MoU shall be valid unless it is in writing and signed by or on behalf of each of the Parties.
Notwithstanding any other provision in this MoU, a Person who is not a party to this MoU has no right to rely upon or enforce any term of this MoU, but this does not affect any right or remedy of a third party which exists or is available in light of the Data Protection Laws.
Each Party undertakes with the other to do all things reasonably within its power that are necessary or desirable to give effect to the spirit and intent of this MoU.
This MoU may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one MoU.