Privacy & Cybersecurity Law Blog

On September 24, 2024, a federal district court held that New York City’s “Customer Data Law” violates the First Amendment. Passed in the summer of 2021, the law requires food-delivery apps to share customer-specific data with restaurants that prepare delivered meals.

The New York City Council enacted the Customer Data Law to boost the local restaurant industry in the wake of the pandemic. The law requires food-delivery apps to provide restaurants (upon the restaurants’ request) with each diner’s full name, email address, phone number, delivery address, and order contents. Customers may opt out of such sharing. The law’s supporters argue that requiring such disclosure addresses exploitation by the delivery apps and helps restaurants advertise more effectively.

Normally, when a customer places an order through a food-delivery app, the app provides the restaurant with the customer’s first name, last initial and food order. Food-delivery apps share aggregate data analytics with restaurants but generally do not share customer-specific data beyond the information necessary to fulfill an order. Some apps, for example, provide restaurants with data related to their menu performance, customer feedback and daily operations.

Major food-delivery app companies challenged the Customer Data Law, arguing that its data sharing requirement compels speech impermissibly under the First Amendment. Siding with the apps, the U.S. District Court for the Southern District of New York declared the city’s law invalid, holding that its data sharing requirement is not appropriately tailored to a substantial government interest.