Are Meeting Planners Responsible for Attendee Privacy?

Beware clauses that put obligations exclusively on your organization.

Jonathan T. Howe 2016

 Privacy laws like Europe's General Data Protection Regulation require everyone to pay close attention to issues relating to the use of attendees' personal information.
 Meeting planners should be wary of clauses that make their organization responsible for getting attendees' permission for a hotel to use their personal information.
 Don't be afraid to ask that unfair clauses be stricken from a contract.

Contracts in the hospitality industry are not static documents. They change with time due to adverse circumstances; if you have a bad experience, a revised contract becomes the means by which you try to prevent it from happening again.
Today we are seeing some clauses added to contracts from hotels and other suppliers that attempt to do this, but at great risk and unfairness to the other side -- namely your organization. With today's new privacy laws and most particularly the General Data Protection Regulation of the European Union, everyone is skittish of what happens to personal data they might obtain and how to protect it. One of the ploys used today is to shift that liability to another party via the contract.

Case in Point

Many hotel contracts now include a provision that the organizer of the event (you) shall bear the responsibility to obtain the permission of each attendee for the property to utilize personal information that the attendee provides. This might include sharing that information with other hotels, using it for marketing purposes, for sale to third parties, etc.

In such instances, the organizer is placed in an almost impossible position between the property and the attendee-as-guest. The hotel soliciting the information should be the party that needs to obtain such permission from guests, while it is up to the guest to limit the use (and extent) of such information if he/she chooses.
Information provided by the attendee should similarly require permission to be used by the organization, limited to purposes of fulfilling the contractual obligations of the parties, such as providing a room at the hotel or allowing registration, printing a name badge, etc.

Clauses to Avoid

An example of a bad and overly broad clause is: "Organization will obtain all necessary rights and permissions prior to providing any personal data by it or direct from the guest to the hotel, including all rights and permissions required for the hotel, hotel affiliates and service providers they use to transfer the personal data to locations both within and outside the point of collection including to the United States in accordance with hotel's privacy statement and applicable law."
Another clause to be wary of provides that the organization shall be responsible for the acts or omissions of its attendees that might lead to a claim being raised against the hotel. There could also be a requirement that any damage done "to the venue's property" will be covered by the meeting host.
Basically, adults should be responsible for their own acts or omissions and not be the responsibility of someone else. Strike improper clauses or fully understand the extent to which you are taking on a large potential liability that you really shouldn't have to cover.

Jonathan T. Howe, Esq., is a senior partner of the Chicago and Washington, D.C., law firm of Howe & Hutton Ltd., specializing in meetings and hospitality law. Email questions to him at