Although apps are not compulsory for the hospitality sector to serve customers anymore, many pubs and restaurants are continuing to use them. This has provoked the UK's data protection watchdog, the Information Commissioner's Office (ICO), to issue a reminder that these apps are not legally required anymore and that people should be cautious of the amount of personal data that they are handing over to these companies.
Remember the days when face masks weren’t required and you had to physically leave your seat, walk up to the bar, and order food and drinks? Back then, the restaurant or pub would only get your money. Now, using an app, companies get your money, but also an email address, maybe your date of birth, possibly your home address, and more. This information is far more valuable as it can tell them what you like drinking, what time you're likely to visit, who you were sitting with and how frequently you reorder.
To get an idea of the kind of information these apps take, here is an outline of the data that 3 popular hospitality apps in use today take.
JD Wetherspoon App (over 900 pubs in the UK):
Greene King App (3,000 pubs, restaurants and hotels across the UK)
Young’s On Tap App (Over 200 pubs across London and SW England)
Yes. As long as the app contains a UK GDPR-compliant privacy notice explaining why the data is collected and what it will be used for, and you have ticked that all too familiar ‘I have read this privacy notice’ box, then it is legal. Most apps will contain this notice but not many people (if any) are prepared to read through a lengthy privacy notice when trying to order a pint.
The ICO are concerned about this and they are putting pressure on companies to only take and use personal information that is ‘relevant and necessary’ for ordering food and drinks.
The ICO is the UK’s independent data protection watchdog and its role is to uphold information rights in the public interest.
Some of the legislation that the ICO cover are the UK General Data Protection Regulation (GDPR), Data Protection Act 2018, and Freedom of Information Act 2000.
The ICO has two tiers of penalties available to them for serious breaches of legislation. They can either fine a company up to 20m Euros (just over £17m), or 4% of their global revenue -- whichever is higher.
The money collected by the ICO is paid into a central government fund which belongs to the Treasury. This means that GDPR fines are used to fund public services.
The Director of data protection at the ICO, Suzanne Gorden has stated: "Customers need to understand they do have a choice. We're now coming out of the pandemic and there's the ability to order on the app or in the more traditional way".
At the end of the day, these apps take a lot of personal data and you should be in control of when and why you are handing it over. So the next time you are ordering a drink at the pub, or some food at a restaurant, consider ordering in the traditional way and only handing over your money.
Each week we summarise the most important issues that affect your rights at work, home, in the shops etc.
You'll basically be a lawyer from our newsletter alone...