September 10, 2021

Real cost of ordering drinks on an app - your data

Do you know how much using an app to order drinks is really costing you?

Although apps are not compulsory for the hospitality sector to serve customers anymore, many pubs and restaurants are continuing to use them. This has provoked the UK's data protection watchdog, the Information Commissioner's Office (ICO), to issue a reminder that these apps are not legally required anymore and that people should be cautious of the amount of personal data that they are handing over to these companies. 

Why is the hospitality sector continuing to use apps?

Remember the days when face masks weren’t required and you had to physically leave your seat, walk up to the bar, and order food and drinks? Back then, the restaurant or pub would only get your money. Now, using an app, companies get your money, but also an email address, maybe your date of birth, possibly your home address, and more. This information is far more valuable as it can tell them what you like drinking, what time you're likely to visit, who you were sitting with and how frequently you reorder.

What kind of information do these apps take and what might companies do with it?

To get an idea of the kind of information these apps take, here is an outline of the data that 3  popular hospitality apps in use today take.

JD Wetherspoon App (over 900 pubs in the UK):

  • Collects information such as your name, address, email address, phone number and it also tracks your location to make sure you are ordering from the right pub.

  • The personal data you provide when registering to use the app is retained until the user requests that the data controller amend or remove the data.

  • Wetherspoon may disclose your personal data to prospective buyers or sellers if the pub sells or buys any business or assets.

  • Questions, comments and requests regarding this privacy policy should be emailed to customerservices@jdwetherspoon.co.uk

Greene King App (3,000 pubs, restaurants and hotels across the UK)

  • Collects information such as your name, contact details, booking information, transaction details, date of birth, email, telephone and payment details.

  • 13 months is the golden number for the retention of your data. However, if you have opted into direct marketing then your data will be retained for longer.

  • Details from Wi-fi usage (such as where, when and how you connected) are also kept for 13 months.

  • If you want to discuss how Greene King use your personal data, opt out of profiling, exercise your data protection rights, or contact our Data Protection Officer, email: dataprotection@greeneking.co.uk.

Young’s On Tap App (Over 200 pubs across London and SW England)

  • Collects the same personal information as the other two apps (name, contact details, etc) and also a customer’s gender, interests, and preferences.

  • The app also automatically collects a customer’s geo-location data, operating system, the website visited before using the app, and IP address, amongst other things.

  • The app may use your data for a number of things, including to facilitate profiling, segmentation and personalisation – based on location, preferences, interests and past actions.

  •  The app may transfer your personal data to third parties which may be located outside of the UK or the EEA.

  • Generally your data will be stored for 5 years.

  • You are able to erase or restrict the processing of personal data by contacting the Data Protection Officer via email: privacy@youngs.co.uk.

Is the amount of personal information these apps request legal?

Yes. As long as the app contains a UK GDPR-compliant privacy notice explaining why the data is collected and what it will be used for, and you have ticked that all too familiar ‘I have read this privacy notice’ box, then it is legal.  Most apps will contain this notice but not many people (if any) are prepared to read through a lengthy privacy notice when trying to order a pint. 

The ICO are concerned about this and they are putting pressure on companies to only take and use personal information that is ‘relevant and necessary’ for ordering food and drinks.

Who is the ICO and what does it do?

The ICO is the UK’s independent data protection watchdog and its role is to uphold information rights in the public interest.

Some of the legislation that the ICO cover are the UK General Data Protection Regulation (GDPR), Data Protection Act 2018, and Freedom of Information Act 2000.

What action can the ICO take?

The ICO has two tiers of penalties available to them for serious breaches of legislation. They can either fine a company up to 20m Euros (just over £17m), or 4% of their global revenue -- whichever is higher.

 

Where does the money from these fines go?

The money collected by the ICO is paid into a central government fund which belongs to the Treasury. This means that GDPR fines are used to fund public services. 

Examples of fines enforced by the ICO:

  • Marriott International Hotels (£18.4m) – Fined by the ICO in 2020 after the company was hacked in 2014 exposing the personal details of 300 million customers (including credit card information and passport numbers).

  • British Airways (£20m) - Fined by the ICO in 2020 after its website directed users to a fraudulent site through which hackers managed to harvest the personal data of over 400,000 people (including credit card information, names and addresses). The ICO originally issued a fine of £183.5 million - the largest fine under the GDPR - but this was reduced due to the economic impact of Covid-19. 

Conclusion

The Director of data protection at the ICO, Suzanne Gorden has stated: "Customers need to understand they do have a choice. We're now coming out of the pandemic and there's the ability to order on the app or in the more traditional way".

At the end of the day, these apps take a lot of personal data and you should be in control of when and why you are handing it over. So the next time you are ordering a drink at the pub, or some food at a restaurant, consider ordering in the traditional way and only handing over your money.


Your rights straight in your inbox

Each week we summarise the most important issues that affect your rights at work, home, in the shops etc.
You'll basically be a lawyer from our newsletter alone...