Navigating event attendee data requires the right balance between collecting valuable information and respecting event attendee privacy. But with rapid advancements in technology and law that struggles to keep up, finding that balance can be tricky, especially as tech becomes cheaper and easier to access.
Catalyzed by a recent Tech Crunch headline about a General Data Protection Regulation (GDPR) violation at Mobile World Congress (MWC), Will, Nick, and Dustin tackle attendee data in today’s episode. But before diving into this pressing issue, Nick provides some background information on MWC’s fine.
Background: Mobile World Congress Makes Headlines
“MWC is an influential consumer electronics show in Barcelona, Spain,” says Nick. Recently, MWC received a fine over its biometric data usage. “An appeal against the show says it violated the GDPR that covers Europe, and therefore, attendees had their personal information violated.”
“It’s one of those things where the most aggressive privacy protection in the world is in Europe. Second place might go to Canada. California and Australia are also vying for that, but in the EU, it’s a big deal. This company is looking at what looks like a $200,000 fine.”
What Does This Mean for U.S. Events?
Following that background, Will Curran kickstarts today’s conversation with a question we’re all wondering, “How much of this is an issue just because it’s taking place in the EU? Do you think the same issue would happen in America?”
“Certainly, in California, there’s more risk for this. I also think there’s an opportunity if you have EU citizens at your event,” says Nick. As he sees it, there are two more unique ways a company could face ridicule for their data collection practices. “There’s PR blowback, which could happen anywhere there’s increased data collection. The worst-case scenario is if you facilitate a bad actor’s ability to do something malicious with the data. This one-to-one thing might not be the outcome in the U.S., but it’s very easy for many other things to be triggered.”
“And it sets precedence, right?” adds Dustin. “It sends a message to attendees saying, when you’re not happy about how your data is collected, go to court. That’s dangerous for us. In this case, I see it as a problem that needs to be solved, and we want that experience to be better as producers and consumers. These things make that better, and we have to find a way to do this that’s lawful and respects event attendee privacy.”
Who Cares About Event Attendee Data?
As Dustin continues, he turns the group to the question of stakeholders. In other words, who really cares about data? “We don’t fully understand how these things work. As the event industry continues to move forward and advance in technology, we’re going to see this pushback. I also think if you care about this, you really, really care about this. And if you don’t, you don’t.”
Nick agrees. “Only the outliers have a really strong feeling about where their information goes when attending an event. The vast majority don’t,” he says. The reason? “The social contract of attending a B2B event is based on visibility. The case I make for B2B events is that no one bats an eye about the idea that you put your name and where you live around your neck.”
To Dustin, that’s an excellent point about how attendee data is shared. “Really, break that down. You’re wearing a badge with your name and where you live on it in the hotel you’re staying at. You’re opening yourself up to problems. It’s one Google search to find out more about you.”
“I put data privacy agreements in all my contracts,” shares Will. And when virtual events peaked, he regularly found himself in 20-hour meetings with lawyers over the contract. “But it’s funny how as virtual events kind of disappeared, no one cares about the data privacy agreements anymore. But this stuff is still 100% relevant.”
All of this is to say that event attendee data is complex and nuanced. “I don’t want anyone listening to this to come away with the thought, ‘I need to go back to an antiquated way of doing events,’ says Nick. “It’s a tricky tightrope to walk. And that’s mostly what we’re talking about today.”
Regulating Event Attendee Data Moving Forward
In the case of the MWC event, MWC itself received the fine. But what happens when data collection technology is available to any and everyone? “It’s going to become so cheap and easy to access that it’s going to be deployed by people other than the show producers,” says Dustin. “Then we have the challenge of figuring out how to regulate that. What’s our liability when someone within our show is doing it?”
“This reminds me of when badge scanning became popular,” shares Will. People would go around the show floor scanning badges without permission. “When technology evolves, how do we, as organizers, design our policies to have a system? It’s a great topic because we need to start putting this in our exhibitor agreements.”
Dustin agrees. It’s an interesting problem to have. But as he points out, the government has had to step in in the past. “Our industry wasn’t like, ‘Let’s get together and find a responsible way to use this data.’ The same thing is going to happen with these new technologies. They’re going to be deployed fast, with a race to the bottom in efficiency and price. Eventually, the laws will catch up, and there will be carnage. We didn’t fix that problem. We capitalized on it, overused it, and then got it taken away.”
Should Companies be Concerned?
“To bring it back to the article, do you think events should be concerned about their attendees taking legal action?” asks Will. “And how much of this was the vendor’s fault? How much do we need to be worried that this is the new tripping on the crack at the venue?”
Dustin thinks event organizers can help by being more transparent early on. “If you’re putting a program together using new tools that aren’t commonly seen, you better do your due diligence and figure out how to ensure that you’re deploying it safely. This is where transparency is essential. Telling your attendees what to expect before arrival is part of it. Every attendee should have the right to say, ‘I don’t want to be a part of that.’ If they don’t, then that’s okay.”
In the U.S., we might say, ‘If you don’t like it, don’t come.’ But where GDPR applies, that approach doesn’t work. “You have to be able to collect data that doesn’t exclude anyone,” says Nick. “They had no way to attend this event other than giving up their biometric information. That’s a violation of GDPR.”
“That’s something that a good tech provider should be able to tell you,” continues Nick. “Like, ‘Legally, we can deploy our technology, but there are limits.’ This company could have said, ‘We could make this process foster for 99% of people who don’t care and offer an opportunity for the 1% of people who do.’ That’s the right thing to do. I assume this organization with MWC didn’t say that.”
Dustin agrees but believes that tech should be the leader in transparency. “We ask the average hardworking event professional to know too much about everything far too often. This is a world where we should rely on tech to advise us on deploying legal and ethical products.”
He continues: “It’s shitty for this organization to have this quarter-million dollar mistake, but this may be the only way we start to figure our way through this. Data will always be a pushing boundary. It’s always about finding and walking that line as close as possible; it will take trust to allow us to do that. And we have to trust that tech companies are leading us down an ethical and legal path. And when shit hits the fan, they should be the ones standing in front of it.”
Nick agrees. And as an example, he points to the relationship between catering professionals and event planners. “Planners rely on a caterer to say, ‘We can’t serve that in the summer. Or we can’t have this out there if it rains.’ When it comes to tech and data, it’s the same idea. Planners are not food temp geniuses; after that, they have to rely on the professionals they hire.”
“Let’s treat data and tech like we treat personal safety,” says Dustin. “Let’s make it just as important. We’re not all experts, but we know when to ask the right questions. We know when we need an expert at the table.”
And make sure you vet your partners. “Ask for certifications and ask tough questions,” adds Nick. “See if they flinch. The vetting process is one of the most important things a planner can do.”
Final Thoughts on Event Attendee Data
The Mobile World Congress case highlighted the importance of prioritizing event attendee data and privacy. Even if you aren’t organizing an event in the EU, California, or Australia, GDPR could still impact your business. And while this might not be the new “tripping over a crack,” it should still encourage you to reflect on your own data collection and privacy practices. What do you think? We want to hear your stories, concerns, fears, and advice. Email us!