CCPA Privacy FAQs: Under the CCPA, can a conference organizer use on-site tracking?

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

[co-authored by Jason Schultz]

Yes.

On-site tracking refers to the practice of scanning attendees’ badges manually (e.g., bar code) or automatically (e.g., RFID chip in badges read at doorways). Organizers track this information for various reasons such as to award credit attending various panels (e.g., continuing education verification) or for their own analytics (e.g., to track session attendance for future room allocation or to determine future programming).

Assuming that the CCPA applies to a conference organizer (e.g., the organizer does business in California and meets the minimum revenue or data subject thresholds), nothing within the CCPA prohibits the use of on-site tracking. The CCPA would require that a conference organizer disclose that they are tracking attendee behavior as well as disclose their purpose for tracking. While the disclosure might come in the form of a privacy policy provided to attendees, it could be less formal – such as via a poster or sign at check-in. Conference organizers should also consider the additional CCPA related implications:

  • If the organizer intends to sell the data to third parties, the organizer will need to provide a “Do Not Sell my Information” link in their online privacy notice.
  • An organizer may receive a request from an attendee for access to their information. In response to such a request, they may need to disclose all of the data collected about a particular attendee (e.g., locations tracked, activities recorded).
  • An organizer may receive a request from an attendee to delete their information. In response to such a request, they may need to have the ability to selectively delete information about the attendee, or to explain to the attendee why such information is not required to be deleted (i.e., it is being used internally for a purpose consistent with the expectations initially set as part of disclosing the organizer’s privacy practices).
  • If the organizer relies upon a third party to collect, host, analyze, or manage the data collected about attendees, the contract with the third party should meet the “service provider” requirements of the CCPA.

For more information and resources about the CCPA visit http://www.CCPA-info.com.

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

[View source.]

Written by:

BCLP
BCLP
Contact
more
less

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide