蜜桃影视

Get stories like this delivered straight to your inbox. Sign up for 蜜桃影视 Newsletter

This story was originally published by . for their newsletters.

Before they could attend school football games or school plays, high school students across California had to give their personal information over to a ticketing platform, GoFan, which then sold that data to advertisers, state privacy regulators said. The parent company PlayOn, which has contracted with roughly 1,400 California schools, repeatedly violated state privacy law in 2023 and 2024, according to a January filed by the state鈥檚 privacy protection agency.

The California Privacy Protection Agency, sometimes known as CalPrivacy, announced the order Tuesday, saying it is fining PlayOn $1.1 million for failing to give students and families a way to opt out of their data collection.

PlayOn offers a slew of online products that coordinate ticket and merchandise sales for schools and youth sports organizations, along with other services, such as fundraising and streaming. Its subsidiaries include GoFan, MaxPreps, and NFHS Network, which are used by school districts stretching from Los Angeles and San Diego to Modoc, Mono, and Sierra counties, the order says. The company鈥檚 annual gross revenue is over $26 million.

When users tried to access tickets for school events through one of PlayOn鈥檚 platforms, GoFan, a pop-up appeared, prompting the ticket-holder to agree to the company鈥檚 privacy policy, which allowed the sale of personal data. There was no way to say no, the order said: The pop-up obscured the screen so that it was impossible to access the ticket without agreeing to the company鈥檚 terms.

鈥淪tudents trying to go to prom or a high school football game shouldn鈥檛 have to leave their privacy rights at the door,鈥� said Michael Macko, CalPrivacy鈥檚 head of enforcement, in . 鈥淵ou couldn鈥檛 attend these events without showing your ticket, and you couldn鈥檛 show your ticket without being tracked for advertising. California鈥檚 privacy law does not work that way. Businesses must ensure they offer lawful ways for Californians to opt-out, particularly with captive audiences.鈥�

PlayOn 鈥渄oes not admit liability for any violation鈥� of state law, according to the disciplinary order, which effectively functions as a settlement agreement. The order also notes that the company significantly changed its privacy policy in December 2024, allowing users to opt out of data collection, bringing the company into compliance with the state law. These data privacy matters have been 鈥渇ully resolved鈥� since then, said James Dickinson, the company鈥檚 senior vice president of marketing, in an email.

The fine is the first time that the state privacy agency has gone after a company for violating the rights of students and schools, according to the press release. The agency formed in 2020 when voters backed calling for increased enforcement of data privacy laws.

Exceptions to California鈥檚 privacy law

California has some of the strongest data privacy laws in the country, including a landmark 2018 law that requires large for-profit companies to give users a relatively easy way to opt out of data collection or delete their data.

Enforcing the law can prove tricky though. Last year, found that more than 30 companies made it difficult for customers to exercise their privacy rights. While the companies were technically abiding by the law, which requires them to give customers a way to delete their information, they used special code to hide that information from Google search results.

The 2018 law also has a number of exceptions, including for non-profit organizations and for companies that buy, sell or share data from less than 100,000 California residents or households.

The state privacy agency is responsible for enforcing the law. In the past 12 months, the agency has found violations by the menswear company , the rural supply retailer . and the automaker , each resulting in fines ranging from $345,000 to $1.35 million. In January, the state said in that it fined Datamasters, a data broker, for selling the names, addresses, phone numbers, and email addresses of 鈥渕illions of people with Alzheimer鈥檚 disease, drug addiction, bladder incontinence, and other health conditions for targeted advertising.鈥� The broker also traded data on individuals鈥� perceived race, political views and banking activity.

California has additional protections regarding the collection and sale of students鈥� data, but those laws do not necessarily include apps and services used outside of the classroom, even when that technology is a de facto requirement for participation in school sports or extracurriculars. Assemblymember , a San Luis Obispo Democrat, introduced a bill this year that would expand the number of tech companies who need to abide by California education privacy rules, but the laws could still leave out many popular student services, last month.

PlayOn did not respond to questions about its compliance with California school privacy law. The PlayOn says it doesn鈥檛 collect personal information from 鈥渕inors under the age of 16 without proper consent鈥� but it doesn鈥檛 mention anything about students who are age 16 or 17.

California law prohibits companies from selling all K-12 students鈥� data, regardless of their age.

This article was and was republished under the license.

Did you use this article in your work?

We鈥檇 love to hear how 蜜桃影视鈥檚 reporting is helping educators, researchers, and policymakers.