The festival summer of 2023 came to an end. Obviously, local media highlighted these events extensively. Unfortunately, people deceased and some stages were overcrowded. Like any year we paid more for beers. In the margin of these things, people habituated to increasingly available cashless wristbands, which they adopted with great joy, because they alleviate the tough life at the festivals.
When you enter a festival for the first time you receive a wristband. In the past, its function was to grant you access to the festival ground. Today, it is common that this wristband contains a QR-code. Sometimes you scan this to access the festival. In addition and more importantly, this QR-code functions more often as a means to manage your drinking and eating coupons. You scan the QR-code with your payment application to buy coupons and your QR-code gets scanned by the bar personnel in order to pay your bills. You live cashless and more carefree at these festivals.
The ethical Belgian hacker Inti De Ceukelaire pointed out some risks that accompany this innovation (blog article). Malicious actors could transfer your consumption balance to themselves, claim your access to the festival or violate your privacy, by uncovering what you spend at any given place and time. The latter introduces my concern for society at large with such novelties: what with our privacy!?
In my opinion no company, no government instance, not my mother nor I needs to know what I spend at any given place and time at a festival. Therefore I bathe in unanswered questions. What data does a festival collect about its visitors? What does the festival do with this data? To who does it sell this data? What do the buyers do with it? Is the festival liable for the actions of the buyers? Am I targeted for commercial or other purposes on the basis of the collected data? Do festivals anonymize the data, in what way and how do they guarantee this?
If festivals dare to answer these questions transparently and public opinion doesn’t condemn this data collection, than our society can embrace this innovation. If not, then representatives of the people do well to create a legal framework to protect citizens against potential nasty consequences.
At the level of the individual, everyone should get a clear, honest possibility to an opt-out or refusal of such data collection. Therefore festivals should first clarify their privacy policy or terms and conditions considering data collection. Second, festivals should not demand or incentivize to accept legalese texts. Just as Inti De Ceukelaire warns, you better make an account in advance to prevent malicious actors to transfer your consumption balance. Furthermore, festivals motivate to make an account in advance by offering sales reductions. Making an account will at least require to share your email address and accept the data collection. The financially conscious festival goer will not have a clear and honest chance at privacy.
My plea feels a bit inequitable, because I risk to turn the paying festivals, which I like dearly, into a scapegoat of a sadly ubiquitous practice. Also some free (city) festivals push their visitors in the direction of data sharing, by encouraging or obligating the use of special festival cards. Looking way broader, massive data collection from consumers is the bitter reality. You have to be apprehensive for any “smart” device you use, like vacuum cleaners (Mashable), the dolls from your kid (The Verge) or even a rectal thermometer (Vice). Everything with a direct connection to the internet or indirect via your smartphone can gather information about you to be subsequently wrapped and sold for the purpose of others. This is how “surveillance capitalism” works according to Shoshana Zuboff, professor emeritus from Harvard Business School (book and VPRO documentary). Your spending behaviour at the festivals is only the umpteenth drop, but hopefully the one that makes the cup run over and turns the tide…