September 21, 2021

Volume XI, Number 264

Advertisement

September 20, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

New York City Passes More City-Level Privacy Legislation

A bill passed by New York City Council regulating data collected by food delivery apps – requiring them to divulge identifiable, customer-level data to restaurants – became law on August 29. The bill, which amends New York City’s Administrative Code, becomes effective on December 27, 2021. As detailed by Kyle Fath on the International Association of Privacy Professionals (IAPP) Daily Dashboard (article linked here), the amendment:

  • Permits restaurants to request individual-level customer data from third-party delivery apps and requires the delivery apps to provide the information unless the customer has opted out of such sharing.

  • Subjects restaurants that receive such customer data to privacy limitations and requirements, including use and sharing limitations and provision of certain customer rights.

  • Permits restaurants to use the data received for marketing and other purposes, and prohibits delivery apps from restricting such activities by restaurants.

  • Requires delivery apps to assume customers opted into restaurant sharing by default and seemingly restricts delivery apps from providing a “global” option to opt-out of all restaurant sharing.

  • Provides a $500 per violation per day civil penalty, enforceable by city agencies and tribunals, but does not provide for a private right of action. However, it may tee up litigation between restaurants and delivery apps under other laws such as New York’s unfair competition or unfair/deceptive practices laws.

This restaurant-focused data legislation comes on the heels of NYC’s passing of a city-level biometrics law as we detailed here and at a time where the ever-growing hodgepodge of state privacy laws have some calling for federal privacy legislation.

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 250
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kyle R. Fath Cybersecurity Attorney Squire Patton Boggs New York Los Angeles
Of Counsel

Kyle Fath is counsel in the Data Privacy & Cybersecurity Practice. He offers clients a unique blend of deep experience in counselling companies through compliance with data privacy laws, drafting and negotiating technology agreements, and advising on the privacy, IT, and IP implications of mergers & acquisitions and other corporate transactions. His practice has a particular focus on the the ingestion and sharing of data by way of strategic data transactions, data brokers, and vendor relationships, the implications of digital advertising (as companies look toward...

212-872-9863
Advertisement
Advertisement
Advertisement