20/07/2025

Last week’s Coldplay gig at Gillette Stadium in Foxborough, Massachusetts made the headlines for all the wrong reasons. A “Kiss Cam” moment captured a seemingly innocent smooch between two audience members…who turned out to be the CEO and HR chief of a tech company. Awkward. Viral. Career-Changing.

Behind the headlines lies a deeper privacy question: is anyone responsible when a moment meant for a stadium crowd ends up all over TikTok?

The Legal Bit

First things first, GDPR does not apply here – this is the US after all. However, that doesn’t mean that there is no legal framework. Gillette Stadium is in Massachusetts. Massachusetts has its own privacy laws, including statutory and common law rights against intentional intrusion on the “private affairs or concerns” of others. This concept of “intrusion upon seclusion” is particularly relevant where, under US and state law, there’s generally a limited expectation of privacy in public spaces.

This was made clear in Gillette Stadium’s own Privacy Policy, which says that you are likely to be filmed at on-site events. We expect that there would have been additional notices at the event too. So, the Kiss Cam and jumbotron are of course part of the event experience, right?

Do phones change everything?

Here’s the catch. Everyone has a camera in their pocket. It is entirely predictable that a jumbotron moment, especially the popular Kiss Cams, will be filmed by nearby fans and posted to social media. That is not technically the band’s or venue’s fault, but should they have anticipated it!? It appears that they did! Third-party recordings are also covered in their privacy policy. Whether this is enough, only a Court can determine. As there is no single national data protection law, like the UK GDPR, how Courts apply intrusion upon seclusion can vary.

Concertgoers may have a right to film, but what is legal isn’t always ethical. Blasting a private moment across TikTok for likes will always raise questions.

Nobody said it was easy…

Creatively, artists often want to capture audience reactions and foster a communal vibe. But do they have a role in safeguarding the privacy of their audience? Particularly when using tools like Kiss Cams, which deliberately single people out?

In a world where everything is filmed, clipped, shared, and meme-ified in seconds, artists and venues need to think beyond the fun of the moment. Yes, you want connection. But are you inadvertently exposing someone’s relationship status? Their sexuality? Their reaction to being caught off guard? And what happens when that moment is misinterpreted or exploited online?

UK GDPR

Had this incident happened in the UK, the legal landscape would be somewhat different. The UK GDPR and Data Protection Act 2018 would apply if the footage could identify the individuals. Use of such personal data must be lawful, fair and transparent. Even for use in public spaces, the lawful basis would need to be clear, particularly where individuals are singled out or presented in a way that could cause harm or distress. Where real harm or distress is likely, they could file a complaint with the ICO, or where harm or distress is evidenced, they could even pursue compensation under the DPA.

Should venues rethink Kiss Cam?

Venue privacy notices may cover the jumbotron, but we live in a world where moments don’t just stay in the stadium. We’re not saying scrap the fun, but it might be time to ask:

  • Should explicit consent be obtained before zooming in on audience members?
  • Should privacy notices discuss the viral potential of recordings?
  • Should artists and organisers acknowledge potential risks?

Whilst legal boxes may be ticked, should artists and organisers consider the ethical risks!?

And for now?

If you’re having an affair, maybe skip the PDA when the jumbotron pans your way…
