December 4, 2021

Volume XI, Number 338

Advertisement
Advertisement

December 03, 2021

Subscribe to Latest Legal News and Analysis

December 02, 2021

Subscribe to Latest Legal News and Analysis

December 01, 2021

Subscribe to Latest Legal News and Analysis

Impact of NYC’s New Delivery Service Data Sharing Requirement

New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information from the delivery service. The delivery services, in turn, must tell consumers about the potential sharing “in a conspicuous manner” on its website and give people the ability to opt-out of such sharing.  That notice needs to indicate that the person’s information will be shared with the restaurant, and needs to identify the restaurant.

If requested by the restaurant, the delivery service will need to provide the information on customer-specific, monthly basis and in a “machine-readable format.” Delivery services will need to scrub out anyone who has opted out.  Restaurants who receive information from the delivery services under this new law cannot sell or otherwise share the information unless they have gotten express consent from the customer. Restaurants also have to let customers opt-out of having their information used by the restaurants. The requirements do not apply to phone orders, and the law makes clear that both parties still need to comply with applicable laws.

The law has been criticized; indeed one delivery service has sued arguing that the provisions violate consumers’ privacy. The city, on the other hand, views this as a way to financially support restaurants in light of struggles resulting from the COVID pandemic. It has introduced this measure along with others in its changing approach to regulating food delivery.

Putting it Into Practice: Provided that there are no delays in implementation, restaurants operating in New York City will be able to ask delivery services for customer information starting December 27, to the extent that such requests are not already provided for in the contracts between the parties. Delivery services will need to prepare by making the requisite disclosures when collecting customer information.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 272
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Staff Attorney

Harrison Schafer is a staff attorney in the Intellectual Property practice group in the firm's Chicago office. He is a Privacy and Cybersecurity Fellow and a member of the Privacy and Cybersecurity Team. He is a certified information privacy professional (CIPP/E and CIPP/US) by the International Association of Privacy Professionals (IAPP).

Areas of Practice

As a fellow, Harrison’s practice focuses on publishing articles covering relevant legal developments in the privacy and cybersecurity space to...

312-499-6371
Advertisement
Advertisement
Advertisement