US California Privacy Protection Agency fines GoFan $1.1m for selling high-school students' data
Change
US California Privacy Protection Agency fined GoFan $1.1m after finding the ticketing service forced users to click a mandatory "agree" button that blocked opt-outs and sold high-school students' personal data to advertisers.
Why it matters
Companies that collect personal information from captive audiences in California must now provide clear, lawful opt-out routes and truthful, annually updated privacy notices. Enforcement creates a compliance constraint: consent gates that prevent opt-outs or produce false privacy statements are subject to penalties.
Implications
- • Online ticketing platforms' product and legal teams must remove mandatory consent gates and implement at least two distinct opt-out mechanisms for California residents or face enforcement fines by the California Privacy Protection Agency.
- • Privacy compliance teams at companies that collect or sell Californians' personal data must annually update privacy policies to accurately disclose data-sales practices and enable deletion and opt-out rights or risk regulatory penalties.
Unlock the decision layer.
Go beyond headlines — see impact, exposure, and timing.
- Implications: What actually changes downstream.
- Who is affected: Which teams or operators are exposed.
- What to watch: Deadlines, triggers, and next moves.
- Real-time alerts: Know the moment a change is published.
- Ask AI: Clarify any brief instantly, in context.
14-day free trial. Full access. No credit card required.
Start free trial
Source
Topics