The California Privacy Protection Agency has fined the digital ticketing platform GoFan $1.1 million for violating state privacy laws after the service collected and sold personal data from high school students using the platform to attend school events.
GoFan, operated by PlayOn Sports, is widely used by schools to sell digital tickets for events such as football games, theater performances, and school prom. Students and parents typically use the platform to purchase and display digital tickets for entry to these events.
Privacy Violations
According to regulators, GoFan required users to accept certain conditions before they could complete their ticket purchases. These conditions allowed the company to collect users’ personal information and share it with advertising partners.
Users were prompted to click an “agree” button that authorized the collection and commercial use of their data. The system did not provide users with an option to refuse tracking or opt out of the data-sharing process.
The regulator concluded that this approach violated the California Privacy Protection Act, which grants residents the right to know when their personal information is collected and allows them to prevent companies from selling that data.
Findings From the Investigation
The enforcement order stated that GoFan’s practices led to repeated violations of California privacy law during 2023 and 2024. Regulators also found that the company’s privacy policy contained inaccurate statements.
According to the order, the company claimed in its privacy policy that it did not sell users’ personal information. Investigators determined that this statement was incorrect.
The policy also failed to clearly inform users about their right to opt out of having their data sold and was not updated regularly as required under state law.
The California Privacy Protection Agency began investigating the company in 2024 after receiving complaints from users about the platform’s data-collection practices.
Regulatory Action
As part of the enforcement action, regulators ordered the company to pay a $1.1 million penalty and update its privacy practices to comply with California law.
Under the settlement, the company must ensure that users are given proper mechanisms to opt out of the sale or sharing of their personal data. The platform must also improve transparency in its privacy disclosures and ensure compliance with data-protection requirements.
Company Response
In a statement, PlayOn Sports said it takes the privacy and safety of students and school communities seriously.
The company said the regulator’s inquiry focused on certain privacy practices that existed before December 2024 and stated that those issues have since been addressed. PlayOn also said it cooperated with authorities during the investigation and implemented changes to resolve the concerns raised by regulators.
Platform Reach
According to the enforcement order, the GoFan platform has sold more than 30 million tickets to high school events across the United States. The company also maintains contracts with approximately 1,400 schools in California.