If a show turns people’s data into a visual dance, it’s a data‑processing activity under GDPR and similar laws. That means you need a lawful basis – usually explicit consent or a carefully weighed legitimate interest. In a public event you can’t assume consent, so you’d need a clear opt‑in and a privacy notice that explains what data is used, how long it stays, and how it’s protected. If you skip that, you expose the performers and the audience to potential fines and a data breach. An artistic claim of “privacy on stage” doesn’t absolve you from those duties. The safest route is to anonymise or aggregate the data before using it, so the audience can enjoy the performance without risking their personal information.