Requiring Food Delivery Apps to Turn Over Consumer Data Would Be A Mistake
It’s no secret that usage of food delivery apps, such as DoorDash, GrubHub, Uber Eats, and Postmates, have surged during the pandemic as restaurants across the country have had to shutter their dining rooms. DoorDash, for example, reported that its revenue grew nearly 200 percent from the prior year to $1.1 billion. These apps have allowed restaurants to stay afloat, provided driving jobs for out-of-work Americans, and brought convenience and safety to customers with online ordering and contactless delivery.
But the New York City Council is considering legislation that would undercut third-party food delivery services by requiring these businesses to share customer data with restaurants. The bill, backed by the New York City Hospitality Alliance—a trade association to represent restaurants in the city—would require third-party delivery apps to provide to restaurants the name, phone number, email address, and delivery address for each order. This legislation would not only undermine consumer privacy—individuals would have no option to opt-out of disclosing their information to restaurants—but it would also limit the viability of many of these food delivery services, ultimately resulting in higher costs and less convenience for consumers.
This law would be bad for consumer privacy by forcing third-party delivery services to share the personal information of their customers with restaurants. Many restaurants, especially smaller ones, may have no privacy policy in place or security controls to protect consumer information, so this information would be at risk of theft or misuse. Incredibly, the legislation does not even have any provision that would allow consumers to opt-out of this data sharing, which means delivery apps would have to share this information with restaurants even if a consumer instructs them not to. This presents a potential safety risk to customers, as it is not unheard of for creepy restaurant workers to misuse consumer data to track down previous patrons.
This is a case of the restaurants wanting to have their cake and eat it too. Food delivery apps provide a valuable service for restaurants: Not only do they handle the logistics of getting food to customers and processing payments, but they also bring in new and returning customers to restaurants. They receive fees for this service, but they also collect data that allows them to optimize their service and market to consumers. This law would undermine food delivery services by forcing them to give up much of this valuable data that they have invested in collecting while offering them nothing in return. The law would essentially turn third-party food delivery services into free referral sites for restaurants.
It is not surprising that restaurants want more data about their customers so they can analyze trends in consumer behavior, engage in additional marketing, and cut out the intermediaries. But they are already free to do so—just not for free. Restaurants can operate and collect data from their own food delivery service, they can pay referral sites to bring in more customers, and they can offer promotions to their customers to get them to share their personal information. Indeed, many restaurants have built apps and loyalty programs or joined existing ones, exactly for these reasons. Nobody is forcing them to use third-party food delivery services.
There is no justification for requiring delivery services to turn over this information. Where would this policy stop? Why shouldn’t search engines also be forced to turn over the names or IP addresses of users who search for certain restaurants, or ISPs be forced to turn over billing information for users who visit the websites of restaurants? And why shouldn’t restaurants be forced to share any information they collect with their chefs or suppliers who may prefer to market their food and services directly to consumers?
Ultimately, requiring delivery apps to turn over this data would undermine their business model. As it stands, despite their rapid increase in popularity, most third-party delivery services are not yet profitable. Requiring these businesses to turn over their data for free will leave them with few choices but to raise prices for consumers if they hope to create a workable business plan.
While this protectionist policy may sound appealing initially to some councilmembers, it would be a serious violation of consumer privacy and undermine the very sector that the city should be supporting, and therefore should be rejected.