New York City has passed a bill limiting data sharing by food delivery apps and food service establishments.

What does that mean?

Here are some key takeaways:

  • A third-party food delivery service may not share customer data applicable to an online order if such customer requests that such data not be shared in relation to such online order.
  • The customer is presumed to have consented to the sharing of such customer data applicable to all online orders unless such customer has made such a request in relation to a specific online order.
  • The third-party food delivery service needs to provide in a conspicuous manner on its website a means for a customer to make such request and clearly and conspicuously disclose to the customer the customer data that may be shared with the food service establishment and identify the food service establishment fulfilling such customer’s online order as a recipient of such data.
  • Third-party food delivery services that share customer data must provide the data in a machine-readable format, disaggregated by customer, on an at least monthly basis.
  • Food service establishments that receive customer data must not sell, rent, or disclose such customer data to any other party in exchange for financial benefit, except with the express consent of the customer from whom the customer data was collected. They also must enable customers to withdraw their consent for the food service establishment to use the data and must enable customers to request and receive deletion of their customer data.
  • This does not apply to telephone orders.