What is behind the cheaper virtual event platforms? How does the data policy of a virtual event platform like Fairtual Technologies compare to that of the European and American market leaders? Have the world’s largest event organisers unintentionally given away their valuable customer data?
Mark Brewster (co-founder of Explori) organised a fiery debate at the 2021 UFI European Conference about the (personal) data that virtual event platforms collect, its implications for organisers and the very real power struggle between organisers and some of the platforms they use. During the session, CEOs from a number of platforms debated their views on data control and use – and… it was instructive…
Who manages your data?
The event was kicked off by Mr X (CEO of a European market leader), who explained that his platform manages the (personal) data that organisers share with it and feeds the data of all organisers into one large database of participants and exhibitors that includes all events on their platform. “Everyone using this platform has the same account for all events. If a [organisator van een evenement] cancels your contract, you cannot delete that data”. “The platform will keep this data for three years. If that visitor has not signed up for an event supported by the platform, we will delete that data after 3 years,” he said, adding that the only way the platform will consider deleting a data record is if an organiser “provides evidence that a specific visitor has opted out”. Mark asked Mr X to clarify the position on data sharing between competitors. He replied that this was not an issue and said, “As we move to a community approach, I think this would no longer be a concern for the industry.”
Mrs Y (CEO of a registration platform) noted that registration companies such as hers “do not own the data. And I think that is the biggest risk we have to think about at the moment. I understand why you want to do it, Mr X, but I think the organisers themselves should find out what they want to do and what it means to them? You say that all the big organisers like to use your platform, but I think it’s something they have to think about”. “I’m not sure many organisers fully realise what many of the third party platforms are doing with their data. So it’s good to hear that you are very open and up front about it Mr X, but I hope they listen to understand exactly what is happening.”
Mr Z explained that the position of his platform is that the sole data controller is the organiser of the event. “My platform is not a co-controller, but a sub-processor of the organiser.”
He compared the way company X shares data between competing organisers with what would happen if Amazon and eBay decided to share user data.
“I mean, how crazy would that be? That would be a huge business decision for Amazon and in this case for eBay. And organisers need to look at themselves in the same way,” he said.
Do not be evil.
Ms Y explained that by handing over control of their data to platforms, organisers could cause themselves problems in the years to come.
She recalls how Google dropped its once famous motto “Don’t be evil”, and explains that once a company has all your user data, they can do whatever they want with it.
“Net als bij Facebook is het een geval van ‘Buy Now’ maar ‘Pay Forever’.” Mrs Y
How can organisers protect themselves?
Mark asked the panellists whether their future owners might be tempted to exploit that data and possibly compete with organisers, and how the events industry can avoid this.
“I think the only real way to prove that the data will not be used in any other way than we intended is to have it written into our agreement,” Ms Y said. “And if we have the consent of the organiser, that they are happy with opt-in, to participate in this shared pool of data owners and share their data with their competitors, that is their decision. People should be aware of this and have an open discussion about it. The only way to prove that it will not be used for their own purposes is to have it in writing.”
Mr Z pointed out that awareness was crucial. “That is why it is great that we are holding this session. I think the risk of a VC coming in and changing the whole business model of an event tech company is very unlikely. It will not happen. But I agree with Mrs Y that it is actually super important to write this in the contract.”
“Organisers need to invest in independent advice from data consultants to really understand what the different positions are. There is a fundamental difference that I think we are all very aware of. It needs to be set out in contracts and clearly communicated to clients,”he added.
Mark concluded that there are ultimately risks.
“No one has a crystal ball to see exactly what is going to happen in the future, who is going to take over who, whether an organiser will take over one of these platforms or any of the other platforms that are out there or not,” and recommends organisers to themselves “Become absolutely aware of who owns what” and seek strong, independent advice.
How do virtual event platforms use your data?
If you want to know who does what with your data, here is our quick summary of the data policies of the major event platforms. There are two main approaches: control of the data either remains with the organiser or the control goes to the platform who can do as it pleases:
Fairtual Technologies | European market leader | American market leader | |
Who manages the (personal) data? | The organiser | The platform | The platform |
Can visitors and other participants with the same profile information access competitive events? | No | Yes | Yes |
Can the organiser delete the (personal) data after the event if he so wishes? | Yes | No | No |
Can the platform promote events, advertising and other services to visitors and other participants? | No | Yes | Yes |
1. The organisers are the data controllers These platforms are processors of customer data, who are there to serve the immediate needs of their client with no hidden agenda.
With Fairtual Technologies, the organisers are at the wheel. They are solely responsible for their user data, which will only be used for the purposes of the specific event and may be deleted at the request of the organiser after the event.
2. Platforms are the data controllers This is a very different approach, where the platform now has a direct relationship with users and can use this to market other events and services directly. These platforms control all data that organisers provide them with and will only remove it if they have a direct request from a participant.
European market leader
Once an organiser has connected participants to an event of this player, the platform owns the direct relationship. A user profile can be used in several – competing – events. The platform will not delete user data unless “the organiser has evidence” that a specific individual wants to be forgotten. Once the user has registered for an event on the platform, “your personal data will be stored for a period of 3 (three) years from the date of your last use of the application”.
At the 2021 European UFI conference, Mr X emphasised that the company wants to own the data for the purposes of AI, which he said outweighs any competitive problems between rival event companies.
However, this is a bit misleading as both organiser-led platforms train their AI on anonymised usage data. It is not necessary to keep the personal data of users in order to improve the algorithms.
It is clear from the data policy of this platform that they can use the data for more than that – once the data is with this platform, it can be used for a range of promotional purposes. Point 4.4 of their policy reads:‘Your personal data is collected and processed for one or more of the following purposes … to issue newsletters, invitations and promotional adverts’.
American market leader
Organisers have been concerned for years about the potential for one of the largest social media platforms to enter the event sector. A recent multi-million dollar investment in the US market leader is a clear indication of the direction it is heading, with deeper integration of its user and advertiser ecosystems likely.
This platform has a direct controller relationship with participants once they are registered on the platform, and will not delete these records without explicit consent/request from the end user, according to its data policy: “The Platform and its hosts are independent controllers of certain types of your personal data, such as your registration details (such as name and e-mail) and attendance details (such as Event name, date and time of Event, and Event sessions attended)”.
Once users are registered on the platform, the platform can use this data to sell competing events to them “To make suggestions and recommendations to you about events or other services available through the platform that may be of interest to you.” For purposes that are “Necessary for our legitimate interests (to develop the products and services available through the platform).”
And to advertise directly to your participants “To deliver relevant Platform content and advertisements to you and to measure or understand the effectiveness of the advertisements we serve to you.” For purposes “Necessary for our legitimate interests (to study how users use the Platform and to grow our business and inform our marketing and growth strategy).”