Food delivery company DoorDash has filed yet another lawsuit against New York City, calling a new law requiring delivery companies to share customer data with restaurants “a shocking and invasive intrusion of consumers’ privacy.”
Under the law approved in July, third-party food delivery services in the city would have to share customers’ names, phone numbers, emails, and delivery addresses with a restaurant that fulfills a DoorDash order, unless the customer opts out. In its complaint, DoorDash argues that customers entrust DoorDash with sensitive data, “that they would not entrust to small businesses that do not have similar robust data safety and security protocol.”
The company added that in-person diners don’t typically expect to disclose sensitive personal information to restaurants. “Moreover, the Ordinance’s presumption that every customer consents to sharing their personal data—unless they specifically opt out on a per-order basis—flies in the face of prevailing privacy best practices,” the lawsuit states. And there are no guarantees that restaurants would be able to store customer data in a way that both complies with privacy laws and prevents unauthorized access, DoorDash argues.
New York City councilor Keith Powers, introduced the legislation earlier this year. “After such a devastating year for our city’s restaurant industry, this precedent-setting law gives much needed relief to eateries to have better access to customer data and provides strong privacy protections,” Powers wrote in an email to The Verge. “Restaurants are the lifeblood of New York’s economy and culture, and I’m proud that the City Council has stood by our local establishments and New York diners. I encourage DoorDash to drop this lawsuit immediately.”
The Electronic Frontier Foundation (EFF) wrote in a July letter to New York City Council that it “sympathize[d] with the goal to set a more level playing field for all businesses particularly after the year we have all faced,” but that it opposed the measure: “privacy should be the default of any transaction, and consumers should be asked to opt-in to sharing of their information every time it could be transferred to a new entity.”
In addition, the EFF said, the ordinance “sets up a ripe target for hackers and data thieves who want to exploit [the customers’] information.
Restaurants that relied on deliveries to stay open during the pandemic last year have tangled with online delivery platforms like DoorDash over some of their business practices. A pizzeria owner who bought his own inventory from DoorDash at a profit last year highlighted how the delivery companies seemed to be willing to lose money on deliveries to add more restaurants to their ecosystems. DoorDash rival Grubhub has been caught making websites that impersonated restaurants and listing restaurants on its platform without their knowledge or permission.
Last week, DoorDash, Grubhub, and Uber Eats filed suit against New York City over another new law that caps the amount of fees the delivery companies can collect from restaurants. The city put a temporary cap on delivery fees last June restricting the delivery platform to a maximum fee of 23 percent per order, which breaks down as 15 percent for delivery, 5 percent for having the restaurant listed on its app, and 3 percent for credit card processing fees. The platforms have been accused of adding other unclear fees on top of their delivery fees, however.
In the lawsuit it filed Wednesday, DoorDash is seeking an injunction against enforcing the new customer data rule, unspecified monetary damages, and a jury trial. The law is currently slated to take effect in December, barring any court action.
Update September 15th 1:41PM ET: Added statement from Keith Powers.