Eventbrite may share your personal data with advertising companies to show you targeted ads, and under California law this may count as a 'sale' of your data, but you can opt out through your account settings.
This analysis describes what Eventbrite's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your browsing behavior, event interests, and personal identifiers may be shared with advertising partners for targeted advertising, and exercising the opt-out requires affirmative action by the user.
Interpretive note: Whether Eventbrite's opt-out mechanism satisfies CPRA's GPC recognition requirement and whether advertising data flows qualify as 'sale' or 'sharing' depends on implementation details not fully disclosed in the policy text.
The updated terms establish formal procedures for UK-based users to lodge data protection complaints directly with Eventbrite via privacy@eventbrite.com, with assurance that complaints will follow ICO guidelines. The revised policy also confirms that all users have the right to escalate complaints to their national data protection authority or applicable regulator if they believe Eventbrite has violated privacy laws or has not adequately addressed their request. Previously, the policy referenced a Data Privacy Framework Notice but did not specify complaint procedures or regulatory escalation pathways. These additions clarify existing legal rights under UK and EU data protection law rather than creating new consumer obligations.
View change record →Previous version had empty excerpt; current version now clarifies mechanisms for opting out (account settings and privacy portal) and explicitly defines data sharing as potential 'sale' or 'sharing' under privacy laws.
View full change record →Users who do not actively opt out may have their personal data including behavioral and interest data shared with advertising partners for cross-context behavioral advertising, which California law classifies as a regulated 'sale or sharing' of personal information.
How other platforms handle this
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Eventbrite has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with advertising partners for the purpose of showing you ads that are more relevant to you. This may constitute a 'sale' or 'sharing' of personal information under applicable privacy laws. You have the right to opt out of the sale or sharing of your personal information for targeted advertising purposes. To exercise this right, you can visit your account privacy settings or submit a request through our privacy portal.— Excerpt from Eventbrite's Eventbrite Privacy Policy
1. REGULATORY LANDSCAPE: This provision directly engages CCPA/CPRA, which grants California residents the right to opt out of the sale and sharing of personal information for cross-context behavioral advertising. CPRA also requires businesses to recognize the Global Privacy Control (GPC) signal as a valid opt-out, and compliance teams should audit whether Eventbrite's systems honor GPC. Under GDPR, behavioral advertising typically requires explicit consent as a legal basis under Article 6, and the policy's reliance on legitimate interests for advertising purposes may face scrutiny from EU supervisory authorities. 2. GOVERNANCE EXPOSURE: High. The classification of behavioral advertising data flows as potentially constituting a 'sale' or 'sharing' under CCPA/CPRA requires robust opt-out infrastructure. Non-compliance with opt-out requirements has been an active area of California Privacy Protection Agency (CPPA) and State AG enforcement, and the adequacy of Eventbrite's opt-out mechanism is a material compliance question. 3. JURISDICTION FLAGS: California residents have the clearest and most enforceable opt-out rights under CPRA. Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws also provide opt-out rights for targeted advertising, though the enforcement posture varies. EU and UK users face different frameworks where consent is the operative mechanism rather than opt-out, meaning the default position for EU users should be no behavioral advertising absent affirmative consent. 4. CONTRACT AND VENDOR IMPLICATIONS: Advertising partners receiving data under this provision should be assessed as to whether they qualify as 'third parties' (triggering sale/sharing opt-out obligations) or 'service providers' under CCPA/CPRA, as this distinction determines Eventbrite's contractual obligations and the scope of user rights. Procurement teams using Eventbrite in an enterprise context should assess whether employee data could be captured in advertising data flows. 5. COMPLIANCE CONSIDERATIONS: Legal and compliance teams should verify that the opt-out mechanism is functional, accessible, and that GPC signals are honored as required under CPRA. Data mapping should identify all advertising and analytics partners receiving personal data and confirm the legal basis for each transfer. Cookie consent management on Eventbrite's web properties should be audited for alignment with both GDPR consent requirements and CCPA/CPRA opt-out obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your browsing behavior, event interests, and personal identifiers may be shared with advertising partners for targeted advertising, and exercising the opt-out requires affirmative action by the user.
Users who do not actively opt out may have their personal data including behavioral and interest data shared with advertising partners for cross-context behavioral advertising, which California law classifies as a regulated 'sale or sharing' of personal information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Eventbrite.