REGULATORY · USA
California privacy regulator fines GoFan/PlayOn over forced consent and sale of student ticketing data
Change
On 27 February, the California Privacy Protection Agency (CPPA) ordered GoFan (owned by PlayOn) to pay a $1.1m fine for repeated violations of the California Privacy Protection Act in 2023–24 tied to collecting and selling users’ personal information without an opt-out option.
Why Now
GoFan’s software prompted users buying tickets for school events to accept terms allowing collection of personal information and sale to advertisers. Users could only proceed by clicking an “agree” button and were not offered an opt-out. The CPPA order states this design led to repeated violations of the California Privacy Protection Act during 2023–24. The order imposes a $1.1m fine. PlayOn stated the inquiry focused on privacy practices prior to December 2024 and said the matters have been fully resolved.
Impact
- • $1.1m monetary penalty imposed on GoFan/PlayOn via CPPA order.
- • CPPA determination that a forced “agree to sale” flow without opt-out violates the California Privacy Protection Act.
- • Ticketing/entry to school events tied to tracking for advertising was cited as unlawful for Californians under the order.
Who Recalculates
- • Ticketing and event-access software providers
- • Adtech/advertising data buyers using ticketing-derived personal information
- • Schools contracting for ticketing services
- • Compliance and privacy teams handling opt-out and notice rights
Source
Topics
Law & Public Safety Regulatory Actions Compliance Data Privacy