New York City Council Proposal Places Consumer Privacy at Risk and Hurts Small Businesses

Dear Council member, 

On behalf of Americans for Tax Reform, and our supporters across New York City, I urge you to reject Intro. 2311, an attack on consumer privacy, that will expose the very restaurants it pretends to help to unintended legal liability. 

The measure would force meal delivery services (like UberEats, DoorDash, Grubhub, and others) to share private consumer data with restaurants.  

This misguided market manipulation will have disastrous impacts on the restaurant industry, subject customers to harmful privacy breaches, dangerous stalking incidences, and hurt an emerging industry.   

Intro. 2311 offers restaurants the opportunity to obtain private customer information without the customer’s, or the restaurant’s knowing approval. For each order, delivery apps will need to provide restaurants with the customer’s name, phone number, email address, delivery address, and the contents of their order.  

There are no limits on what the restaurant can do with such information. Unlike delivery apps, which have terms of service providing consumers with privacy rights, restaurants would not offer any of these rights to customers, removing any privacy protections that are promised to customers when they order through a delivery app. 

Restaurants can use this data in a variety of ways, ranging from advertising to significant privacy violations – including selling this personal information to whomever they please. Credit firms, banks, and insurance companies are some of the most prolific buyers of private information and use data to raise rates on individuals. Restaurant order data is highly valuable to insurance companies because they can use it to determine healthy or unhealthy eating habits. This has the potential to hurt minority New Yorkers disproportionately.  

Additionally, employers often seek private information about current or prospective workers. Neighbors, stalkers, and even vindictive ex-partners can purchase private data about individuals, exposing them to safety risks. Delivery apps sharing delivery addresses could result in highly dangerous situations. Intro. 2311 increases opportunities for bad actors to prey on unknowing, innocent members of your communities. 

Unlike delivery apps, which have thousands of employees and specially trained private information managers, small restaurants do not have stringent security measures to prevent data breaches. Hackers know this, which is why restaurants, along with hotels, are breached more than any other business. 

If a struggling restaurant suffers a security breach it could force them to cease operations. They would face legal liability, requiring expensive legal representation and monetary restitution to customers who lost data. Even if a business can afford this, they would undoubtedly lose customers. A study done by Thales Group, a global leader in security technology, found that 64% of consumers are unlikely to do business with a company that has suffered a data breach in the past. 

Intro. 2311 would also cause serious harm to delivery apps that have helped keep thousands of restaurants afloat throughout the pandemic. Even as revenues soared more than 200%, in the case of DoorDash, not a single delivery service has ever made an annual profit. In 2020, the most profitable year in the history of food delivery, DoorDash lost $461 million, Grubhub lost $156 million, and UberEats suffered losses estimated at $873 million.  

No restaurant has ever been forced into business with a delivery app. Rather, they enter a partnership and pay for a valuable service. Delivery apps handle logistics, payment, and introduce customers to new restaurants. Should delivery apps be forced to turn over valuable data for free, these companies will eventually be forced to stop their operations, at best leaving New York City. This would be incredibly harmful to the restaurant industry, as well as the gig economy. As millions of Americans lost their jobs due to the pandemic-induced economic downturn, the “gig economy” became crucial for unemployed or under-employed New Yorkers looking to earn extra money to support themselves and their families.  

With flexible hours and a simple application process, driving or biking for a delivery service is incredibly appealing for many people. A report from the Center for New York City Affairs estimated there are roughly 150,000 app-based gig workers in New York. If delivery companies went out of business, these people would lose out on income essential to their survival.

It is important to all New Yorkers that small restaurants continue to be the lifeblood of New York City and re-emerge following the pandemic. Intro. 2311 will not accomplish this goal, no matter how well-intentioned it may be. It will only compromise the privacy of New Yorkers and risk destroying an emerging industry.  


Grover Norquist 
Americans for Tax Reform