I had the pleasure of speaking during the Restaurant Technology Network Town Hall about a variety of privacy issues confronting restaurants and food delivery apps, including CCPA, CPRA, CDPA and CPA.

Here are some of my key points:

  • If you are using biometrics for food ordering, payment or authentication , it is best to pause and consider whether you need a notice and consent for this. A new New York law requires prominent signage and the existing Illinois BIPA requires notice and consent and has been litigated heavily.
  • Food delivery applications delivering in NYC are now required to share order information with the restaurant, unless the customer opts out of this sharing. They also need to provide conspicuous notice of the sharing. The restaurants themselves are also limited in how they share the information without consent.
  • If your service utilizes drivers for delivery and pick up and you track them, make sure that you are giving them disclosure of this, do a risk assessment of real time tracking and limit the access permissions to the drivers’ whereabouts to those who really need it. Be mindful of profiling.