If health-related information such as contact tracing data is collected for an event, Ticketmaster may share that information with government officials and says it is regularly deleted, though no specific retention period is stated.
This analysis describes what Ticketmaster's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy reserves the right to share attendee health and safety data, which may include names, contact details, seat locations, and entry and exit times, with government authorities, which represents a significant disclosure to state actors that consumers may not anticipate when purchasing tickets.
Interpretive note: The specific circumstances and jurisdictions under which government data sharing is required, and the exact retention and deletion timeline, are not defined in the policy with sufficient precision to assess full compliance posture.
The updated policy establishes that Ticketmaster may collect biometric information in limited circumstances where necessary for service delivery or required by law, with additional safeguards and advance notice. The policy now discloses that event photography and video may be captured and used in marketing materials, with a stated right to object where Ticketmaster controls the filming. Communications may now occur through messaging services in addition to existing channels. These disclosures inform you of practices Ticketmaster may engage in, but operational impact depends on whether and how these practices are implemented in your jurisdiction or event context.
View change record →New provision explicitly authorizes government sharing of health/safety data collected during events with deletion practices specified.
View full change record →Your name, contact details, seat location, and entry and exit times may be shared with local or national government officials in connection with health and safety compliance, and you have limited ability to prevent this sharing where it is required by applicable law.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Ticketmaster has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Any information collected by us or our third-party partners in compliance with applicable health and safety requirements will only be used to contact attendees or shared with relevant local, government officials. This information is regularly deleted.— Excerpt from Ticketmaster's Ticketmaster Privacy Policy
REGULATORY LANDSCAPE: Government disclosure of personal data engages GDPR Article 6(1)(c) and Article 9(2)(i) for health data shared on public health grounds, as well as equivalent UK GDPR provisions. In the US, health-related government reporting requirements vary by state. The policy's reference to third-party partners who collect health information and direct users to those parties' own policies creates a gap in accountability that may engage FTC consumer protection standards. GOVERNANCE EXPOSURE: Medium. The provision is disclosed and grounded in legal obligation, which limits regulatory exposure from a transparency standpoint. However, the absence of specific retention timelines beyond the phrase 'regularly deleted' may not satisfy GDPR storage limitation principles or equivalent requirements in other jurisdictions. JURISDICTION FLAGS: EU and UK users have the strongest protections; any government data sharing must be grounded in a specific legal obligation, and the scope of such sharing should be proportionate. US users in states with public health reporting laws face similar dynamics but with fewer individual rights to challenge such sharing. The involvement of third-party event organizers who collect health data independently creates a separate accountability chain outside Ticketmaster's direct governance. CONTRACT AND VENDOR IMPLICATIONS: The policy explicitly disclaim responsibility for third-party event organizer health data collection by directing users to those parties' own policies. Compliance teams should assess whether contractual obligations on event organizers adequately constrain their health data collection and government sharing practices, particularly for events in the EU. COMPLIANCE CONSIDERATIONS: Legal teams should document the specific legal bases invoked for government data sharing in each market, define and publish retention periods for health and safety data rather than using the vague 'regularly deleted' standard, and assess whether the delegation of accountability to third-party event organizers for health data collection is consistent with GDPR controller obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy reserves the right to share attendee health and safety data, which may include names, contact details, seat locations, and entry and exit times, with government authorities, which represents a significant disclosure to state actors that consumers may not anticipate when purchasing tickets.
Your name, contact details, seat location, and entry and exit times may be shared with local or national government officials in connection with health and safety compliance, and you have limited ability to prevent this sharing where it is required by applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ticketmaster.