Collecting Event Data in a Post-GDPR and Cambridge Analytica Era

May 8, 2018

Tamar Beck

Tamar Beck is a 15-year veteran of Reed Exhibitions. She is currently CEO of Gleanin, an attendee acquisition software platform. 

Savvy event organizers have been keeping their eyes and ears glued to the news lately. 

In addition to the European General Data Protection Regulation (GDPR) coming right around the corner and now with the Cambridge Analytica and Facebook controversy, event organizers are facing their own challenges when it comes to collecting and protecting event data. 

Because they collect so much data from and about their attendees, organizers now face pressure to protect that information, while making sure everyone understands what data is collected and why.

Collecting any kind of event data today means making changes. Here’s what organizers should be thinking about data collection, protection and privacy in a post-GDPR and Cambridge Analytica era. 

Be Totally Transparent

Name. Company name. Email. Phone. Address. Dietary preferences. Special accommodations. Social media handles. 

Think about all of the information requested from attendees when registering for an event. 

While it’s all necessary from an organizer’s perspective, it’s quite a bit – especially since much of it is now defined as personal data and falls under the new GDPR guidelines.

But beyond GDPR, because of Cambridge Analytica and Facebook, attendees are likely to be even more sensitive about sharing any kind of personal data, wondering how and why it will be used. 

Obviously, organizers need to be very careful about the kinds of information they request from attendees and use it sparingly. 

But even more important, organizers need to be totally transparent not only about why they’re collecting the data in the first place but also how it will be used. 

In other words, organizers shouldn’t be asking for any unnecessary information. And it’s just as important that they don’t use collected information in ways that are unintended, unethical or don’t follow the agreement they have with attendees.

For example, it should be very clear that data collected during the registration process is being provided to a third-party registration company for the purpose of creating an attendee list, sending attendees ongoing communications about the event and in order to provide guests with event credentials on-site.

Being totally transparent about this kind of data collection is relatively straightforward and simple.

But the waters get a little muddier when it comes to newer data collection strategies used by organizers like social media referrals, beacons, RFID-tracking or visits to a landing page since those often are provided by third-party providers.

Creating Explicit Opt-In

As highlighted by the Cambridge Analytica and Facebook situation, it wasn’t crystal clear that when people long-ago accessed a specific app, that not only their data but their friends’ data was being collected, activity at the time that Facebook permitted but has since been banned (the bigger issue with this controversy is that this data was then sold – something Facebook expressly prohibits).

Many Facebook users weren’t aware that Facebook routinely allows researchers to have access to user data – and users consent to this access when they create a Facebook account. 

Unfortunately, details of these kinds of data sharing permissions being granted are often buried in a long list of terms and conditions, or revealed so briefly and quickly before a user clicks acceptance to move on to the next registration step. 

That’s why we at Gleanin take an explicitly transparent and clear process for obtaining opt-in to share data on social media platforms. For example, when we register an event app through Facebook, as a developer we have to go through an approval process. We have to tell Facebook what we’re going to request from a user. And more importantly, we have to explain why we’re collecting the data.

Since we allow event registrants to see other friends who are attending an event and to make it easy to invite others, we ask specific permission for information related to that request. That’s it. We don’t collect any other information or use the data for any other purpose. 

Just as important, it’s very clear what we’re asking for and exactly what it’s being used for. Unlike the app scenario in the Cambridge Analytica situation, there’s no lengthy permissions or hidden details about how data will be used. 

Questions to Ask About Third-Party Data Collection 

Despite an organizer’s best attempts to be clear and compliant with the data they collect, today much just as much attendee data is collected through third-party event technology or software companies. And that means understanding how these providers communicate what they collect and why it’s being collected falls squarely on an organizer’s shoulders. 

When working with third-party providers, to fully understand how data is being obtained, organizers should ask detailed questions such as:

  • How do you collect data? Is it through a transparent opt-in process?
  • How do you communicate to users what is being collected and why?
  • What are the exact ways this collected data will be used?
  • How is collected data protected? Is it kept for a certain amount of time (if at all)? Is it stored in a secure location?
  • Is any data collected shared, transferred or sold to other third-parties?

Of course, it’s important to note that event technology companies aren’t the same as Facebook or Google. The data they collect on behalf of the organizer isn’t a product. The event or show is the product and the data event tech companies collected is used to improve the experience for the attendee and grow the show.

But the situation brought to light by Cambridge Analytica and Facebook sends a crystal-clear message to exhibition organizers that they too have a responsibility to protect their attendee/customer’s information. Asking tough questions like these to any event technology provider is the best way understand what data is collected and why, and to ensure attendee data is kept safe and secure.

With so much event technology today, there are a lot of moving parts where data is concerned. 

But no organizer wants to be the poster child for a data breach, an unauthorized use of data or not being transparent about how they manage the data they collect and the data their event tech partners collect.

As the news headlines continue to highlight GDPR and Cambridge Analytica, organizers have a responsibility to understand and take control how and where data flows within the attendee ecosystem. 

Add new comment

Partner Voices
Overview: The award-winning Orange County Convention Center (OCCC) goes the extra mile to make every day extraordinary by offering customer service excellence and industry-leading partnerships. From their dedicated in-house Rigging team to their robust Exhibitor Services, The Center of Hospitality brings your imagination to life by helping you host unforgettable meetings and events. With more than 2 million square feet of exhibit space, world-class services and a dream destination, we are committed to making even the most ambitious conventions a reality. In October 2023, the Orange County Board of County Commissioners voted to approve allocating Tourist Development Tax funding for the $560 million Phase 5A completion of the OCCC. The Convention Way Grand Concourse project will include enhancements to the North-South Building, featuring an additional 60,000 square feet of meeting space, an 80,000- square-foot ballroom and new entry to the North-South Building along Convention Way. “We are thrilled to begin work on completing our North-South Building which will allow us to meet the growing needs of our clients,” said OCCC Executive Director Mark Tester. “As an economic driver for the community, this project will provide the Center with connectivity and meeting space to host more events and continue to infuse the local economy with new money and expanding business opportunities.” Amenities: The Center of Hospitality goes above and beyond by offering world-class customer service and industry-leading partnerships. From the largest convention center Wi-Fi network to custom LAN/WAN design, the Center takes pride in enhancing exhibitor and customer experience.  The OCCC is the exclusive provider of electricity (24-hour power at no additional cost), aerial rigging and lighting, water, natural gas and propane, compressed air, and cable TV services. Convenience The Center is at the epicenter of the destination, with an abundance of hotels, restaurants, and attractions within walking distance. Pedestrian bridges connect both buildings to more than 5,200 rooms and is within a 15-minute drive from the Orlando International Airport. The convenience of the location goes hand-in-hand with top notch service to help meet an event’s every need. Gold Key Members The OCCC’s Gold Key Members represent the best of the best when it comes to exceptional service and exclusive benefits for clients, exhibitors and guests. The Center’s Gold Key memberships with Universal Orlando Resort, SeaWorld Orlando and Walt Disney World greatly enhance meeting planner and attendee experiences offering world-renowned venues, immersive experiences and creative resources for their events. OCCC Events: This fiscal year, the OCCC is projected to host 168 events, 1.7 million attendees, and $2.9 billion in economic impact.  The Center’s top five events during their 2022-2023 fiscal year included:  AAU Jr. National Volleyball Championships 2023 200,000 Attendees $257 Million in Economic Impact MEGACON 2023 160,000 Attendees $205 Million in Economic Impact Open Championship Series 2023 69,500 Attendees $89 Million in Economic Impact Sunshine Classic 2023 42,000 Attendees $54 Million in Economic Impact Premiere Orlando 2023 42,000 Attendees $108 Million in Economic Impact