Imagine the following: A software is aimed at helping you manage the data of your conference. You run into zero technical hurdles, everything is fine and you‘re able to continue with your planning process. On the very first day of the conference, several of the software provider’s staff members show up onsite. You didn’t invite them but never mind, they’re not here to assist you or help with checking in attendees anyway. Armed with their cameras, they’re just about to document everything that’s seemingly important about your event. The software provider will later use the resulting photos and videos for advertising purposes as that has been part of the contract you signed some months ago.
Sadly, that’s not entirely unrealistic for there are providers whose terms of service contain peculiar clauses that grant them wide-ranging rights:
#eventbrite From their terms of service, updated this month. pic.twitter.com/36D2ca6wJb
— KarynF (@Filibuster3) 22. April 2018
The provider has since removed the rights, but if it hadn’t been for some alert users, the wording probably wouldn’t have changed at all for now.
You’ll pay for free software, too
Particularly in light of the new General Data Protection Regulation GDPR, a demeanor like that is more than just a bit problematic. The EU regulation promises to extend data protection laws after all. If however providers come up with the idea to dodge these regulations, you could be held accountable for that as well.
Always be skeptical when it comes to free software. Whenever a provider offers you a conference management system for free, there might be a hitch somewhere. Hardly anything is for free as the provider needs to put money into software development and sales for instance. It’s therefore likely that you’re going to pay with your attendees’ data. Maybe the software provider will forward the data to third parties. As soon as that is mentioned in a document you should have read, you might come under pressure for failing to offer an explanation. This would include admitting to not having dealt with the software’s terms of service in an adequate manner even though you’ve been actively using the system. And you are likely to face some very vocal attendees who are not willing to buy a ticket for any of your future conferences. Besides, there are probaly very few conference organizers that are keen on long-term legal battles. First and foremost, the software is supposed to assist you with organizing your conference – and that’s what the provider should have in mind as well.
To keep out of harm’s way, start using a conference software only when the provider is able to answer the following questions:
- Where does the provider store the attendees‘ data?
Ideally, it is stored on a German server. Stored outside Germany, there’s always the risk that your data might not be fully protected against unauthorized disclosure as well as access. Legally, there could be exceptions you haven’t heard of before. The GDPR actually allows for adjustments to national laws. However, pre-GDPR German data protection laws have already been very strict. Stored on US servers, you just can’t tell who will be able to access your data. - How strictly does the provider follow the GDPR’s rules?
Until May 25, all regulations must be implemented. Ask the provider about their progress. Do not hesitate to address individual issues and inquire about the means the provider uses to protect the data. In case they have a clear concept, they will be glad to give you a thorough explanation. - Can you be sure that the provider won’t forward the data?
If that’s the case, it’ll be included in the provider’s documents for you. Read them carefully and pay attention to what they say about collecting, saving and forwarding attendee data. None of these actions should happen without your knowledge. - Will the data be deleted once the conference ends?
Prior to using a conference software, you should think of what happens after your event’s closing ceremony. The software provider won’t need your conference’s data any longer. If there’s an option for deleting it, you can be sure that the provider won’t forward the data to anyone else afterwards.
Do not let them make the rules
Of course that doesn’t mean you should hermetically seal your conference from all of your partners and providers. Maybe they would like to use your conference as a case study and need some photos for their website. If you agree to that, give clear instructions such as taking pictures is only allowed before or after the presentations and all photos need your permission before the provider puts them on their website. Never leave it to the software provider to dictate the rules as that’s never fair – neither towards you nor towards the attendees of your conference.