Judge Declares NYC’s Data-Sharing Law for Food Delivery Apps Unconstitutional

The law was introduced in the wake of the COVID-19 pandemic and required delivery services to hand over customer data to restaurants.
Judge Declares NYC’s Data-Sharing Law for Food Delivery Apps Unconstitutional
A DoorDash courier rides his bike in the rain during the COVID-19 pandemic in Manhattan, New York, on Nov. 13, 2020. Carlo Allegri/Reuters
Katabella Roberts
Updated:
0:00

A New York City COVID-era law requiring food delivery companies to share various customer data with restaurants is unconstitutional, a federal judge ruled on Sept. 24, a win for companies including DoorDash, Grubhub, and Uber Eats.

The ruling was handed down by U.S. District Judge Analisa Torres in the Southern District of New York, who found that the New York City law violated the First Amendment by improperly regulating commercial speech.

While the government can freely regulate commercial speech that concerns unlawful activity or is misleading, New York City’s law does not concern such activity, the judge said.

“In sum, when the customer data law requires that delivery services send customer data to restaurants, it compels speech that falls within the First Amendment’s protection,” Torres wrote in her 31-page decision.

The legislation in question was enacted by New York City in August 2021 after COVID-19 pandemic lockdown restrictions left restaurants empty while delivery apps saw a boom in demand.

Typically, when diners order food from a restaurant using food delivery platforms, the restaurant receives only the customer’s first name, the first initial of the customer’s surname, and the order’s contents.

Under New York City’s customer data law, delivery services were required to provide restaurants with a consumer’s full name, email address, phone number, delivery address, and order contents when they placed an order.

In court filings, the New York City Council said the law would protect restaurants from the “exploitive practices” of delivery services, such as limiting the ability of restaurants to retain data on their own customers, using customer data to promote competitor restaurants that pay higher fees to the food delivery companies, and listing false information about restaurants in order to direct traffic to a restaurant paying higher commissions and fees.

Uber Eats, Grubhub, and DoorDash quickly challenged the law, and it was put on hold while litigation played out.

In separate lawsuits, the trio argued that the legislation violated their First Amendment rights to commercial speech, arguing that the disclosures effectively amounted to compelled speech.

Concerns Over User Data, Security

The delivery giants claimed that the restaurants could use the data for marketing and to “poach customers away,” they said.

They further argued that the law was exploitative and threatened their customers’ privacy and data security.

DoorDash said in its lawsuit that the law “imposes virtually no restrictions on what restaurants may do with that data, and it does not mandate any data-security requirements once the customer data is transferred to restaurants.”

“In an era of heightened concerns about data privacy and identity theft, this compelled disclosure is a shocking and invasive intrusion of consumers’ privacy,” DoorDash said. “It is also an unconstitutional compulsion of speech in violation of the First Amendment, an unconstitutional taking of DoorDash’s valuable commercial information, an unconstitutional impairment of private parties’ contractual bargains, and a flagrant violation of other constitutional rights.”

Uber Eats and Grubhub made similar claims in their own lawsuits against the city.

Torres said in her ruling that the city had failed to demonstrate that it has a substantial interest in ensuring restaurants that have access to customer data from the delivery companies.

“The city has not demonstrated that an incentive-based program or more fine-tuned regulation would be ineffective, and compelling delivery services to disclose customer data is incommensurate with the identified harm,” Torres wrote.

“Even if the court were to find that the City has a substantial interest in ensuring that restaurants obtain data about customers who order food, it has not demonstrated that the customer data law is appropriately tailored to this goal.”

The judge said that there are other, less intrusive, ways of helping restaurants, such as letting customers decide whether to share data or offering financial incentives for the companies to share data.

The Epoch Times contacted DoorDash and UberEats for comment but received no replies by publication time.

A spokesperson for Grubhub welcomed the ruling and said it “reinforces the privacy protections that New Yorkers deserve.”

“Keeping customers’ personal information secure is a top priority, and this decision ensures that individuals maintain control over their data,” the spokesperson said. We look forward to continuing to provide our customers with the secure, reliable experience they count on.”

A spokesperson for New York City’s law department said it is carefully reviewing the court’s ruling.

Reuters contributed to this report.
Katabella Roberts
Katabella Roberts
Author
Katabella Roberts is a news writer for The Epoch Times, focusing primarily on the United States, world, and business news.