In 1995, two Stanford University students, Craig Cohen and Michael Adelberg, launched a little-known food delivery service that would revolutionize the restaurant industry. The premise of World Wide Waiter was simple: connect consumers and restaurants in the Bay Area and provide a delivery service so consumers wouldn’t have to travel to a restaurant physically. Since the launch of World Wide Waiter, the market for third-party delivery services has grown to $270 billion, with platforms like UberEasts, DoorDash, ChowNow, and GrubHub connecting millions of hungry Americans across the country with restaurants of every size and culinary expertise.
As these platforms have become ubiquitous and a staple of twenty-first-century life, demands have grown that these platforms share sensitive consumer data with restaurants. Specifically, the Digital Restaurant Association (DRA), a trade association set up by Tusk Strategies and led by Democratic operative Joe Reinstein, alleges that the amount of data these platforms collect grants them too much power over small restaurants. Since its founding, the DRA has sought to pass data-sharing ordinances nationwide.
Thankfully, the DRA only found limited success as municipalities have recognized the risks of mandating data sharing. In 2021, the City of New York became the only city to pass an ordinance that required food delivery platforms to share consumer information such as names, phone numbers, and email addresses with restaurants fulfilling the order.
DoorDash, however, was quick to sue, arguing that the ordinance represented a “shocking and invasive intrusion of consumers’ privacy.” The City of New York agreed not to enforce any data-sharing requirements until the courts resolve the bill’s legality. Here in Florida, Commissioners in Miami-Dade County considered a similar proposal, but deferred hearing it indefinitely owing to concerns about data security and consumer data privacy.
While the push to require data sharing is guised as helping smaller restaurants stand up to distant Silicon Valley behemoths, they ignore consumers’ real concerns about how their data is used by private companies. In 2019, Pew Research reported that eighty-one percent of Americans expressed concern about how private companies used their data, including sharing it with other private entities without their consent. Unfortunately, requiring food delivery platforms to share customer data with restaurants would only exacerbate these concerns and give consumers less control over their data.
Additionally, data-sharing ordinances would theoretically allow small restaurants to sell consumer data to data brokers, who could, in turn, sell the data to other private companies for a profit. In short, there is no telling who could access consumer data once it is out of the hands of food delivery platforms, many of whom have made it policy to keep consumer data private.
Data-sharing ordinances also create significant cybersecurity risks. Unlike large food delivery platforms, restaurants operate on small margins, typically between 3 and 5 percent. Such slim margins mean that only the most profitable restaurants can implement a robust cybersecurity program to secure consumer data. Smaller restaurants, on the other hand, will become easy targets for criminal gangs and nefarious foreign actors.
While municipal lawmakers propose reckless legislation that endangers consumer privacy, lawmakers in Tallahassee are considering legislation preventing these proposals from taking hold in the Sunshine State. While not an explicit ban on municipalities passing data-sharing ordinances, legislation proposed by Senator Jennifer Bradley and Representative Lauren Melo would reserve regulation of food delivery platforms to the state, meaning municipalities could not pass problematic data-sharing ordinances. Instead, it would require the legislature to act.
For consumers across the state hungry for food and data privacy, Senator Bradley and Representative Melo’s proposal is a step in the right direction that will ensure that municipal governments can’t compromise consumer data or inadvertently hand it to criminal gangs seeking a free lunch.