The New York City Council proposed a bill that would require food delivery services to give customer information to restaurants with no restriction on its use, retention, or resale. ACI’s Director Kris Pusok sent a letter to the NYC Council today explaining  why protecting consumer information should be paramount, and that the proposal would simply be bad consumer policy. Here is the letter:

July 26, 2021

Committee on Consumer Affairs and Business Licensing

RE: Int. 2311 – Data on orders placed through third-party food delivery services

Chairperson and Members of the Committee:

On behalf of the American Consumer Institute (ACI), I am writing to express our concerns regarding Int. 2311, a bill seeking to force third-party delivery companies to share consumer personal information (name, phone number, email address, and delivery address) obtained through their platforms with any restaurant partner and allow restaurants to keep this information.

Under the proposed bill restaurants would be able to use that information however they want. More worrisome, there are no provisions in the bill that would prohibit restaurants from selling and/or misusing consumer data. This raises significant privacy concerns given that consumers have no means to opt out. Concerning is also that restaurants, especially smaller ones, often lack robust and even sufficient cybersecurity measures or privacy controls to protect the personal information of customers.

Since Int. 2311 does not impose any security requirements on restaurants, it risks leaving consumers’ personal information vulnerable to theft or unauthorized sale.

Many restaurants would probably not have been able to be in business during the pandemic if it wasn’t for the delivery platforms to offer their products. We should give restaurants every financial support we can, but not if it comes at the cost of serious violations of consumer privacy.


Krisztina Pusok, Director of Policy and Research, American Consumer Institute