Re: Their Site
But "not in any way responsible" is not true in this case. The third party script is also unlikely to define itself as a data controller. If it was deemed by Ticketmaster to be a data controller then they would have had to do the risk analysis and the consultation with them to ensure their duties as a data controller. They would also have to notify the customers of their use of this third party data controller and gain data transfer agreements under one of the exceptions in GDPR.
It could all get a bit messy if they go down the GDPR route.