The latest industry news to your inbox.


I'd like to hear about marketing opportunities


I accept IQ Magazine's Terms and Conditions and Privacy Policy


GDPR, mailing lists and the live business

Music law expert Rob Eakins outlines some of the basic requirements artists and companies need to fulfil when dealing with data collection and usage

17 Jul 2019

Rob Eakins, HRC Law

The data generated by digital platforms such as Spotify provides musicians with valuable insights into their fans’ locations and behaviour. Fortunately, much of the data provided by third-party platforms is anonymised, which means it generally falls outside data protection legislation.

However, bands, promoters and booking agents routinely collect contact details and other personal data relating to their fans and customers, which falls squarely within the remit of the legislation.

There is a legal requirement when collecting, using and storing personal data to inform the data subjects about what data you are collecting and what you will be doing with it. This doesn’t just apply to companies; bands and musicians acting in the course of business also have this obligation (there are exemptions, and you should visit your local information commissioner’s office website to find out more).

This is usually done via a privacy policy, which should be tailored to your specific uses of the data you collect. If you have a website, it is good practice to have a link to your privacy policy on your website.

If you’re planning to share personal data with a third party, such as between a band and a promoter, it’s important to establish a legal basis

So, if you receive an email from a fan asking for information about a forthcoming tour, can you add their email address to your database and start sending them marketing material? The simple answer is no, you can’t.

Individuals usually have to give explicit consent to their personal data being used for marketing purposes. However, you can reply to the fan, answer their question and ask if they want to join your mailing list. If they agree, you are free to market to them, but remember to make a record of their consent, and ensure that your marketing emails include simple instructions to help the recipient locate your privacy information and opt out of the emails.

If you’re planning to share personal data with a third party, such as between a band and a promoter, it’s important to establish a legal basis for this transfer to take place. This should be set out in your privacy policy. Data protection is a tricky area, and care should be taken not to breach the legislation.

Rob Eakins can be reached on +44 161 358 0280 or [email protected]


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Comments are closed.