The Data Catalyst Institute (DCI) works to support stakeholders and policymakers as they undertake the important and difficult work of enacting sound, operational public policy governing the use of data by and for consumers and data-focused enterprises. To celebrate good policy and identify challenges of many proposals, DCI considers and reports on regulatory and legislative proposals.

NYC Council Int. 2311 (“Data on orders placed through third-party food delivery services”) is rooted in good intention, and may have an operational foundation that could benefit consumers and restaurants eventually, but in its current form it hurts everyone and does catastrophic harm to the progress made in recent years to reduce unwanted data sharing and increase data security.

Secondary data markets always pose risks. A forced secondary data market would do untold harm to millions of New Yorkers, thousands of New York restaurants, and ultimately create a precedent for violating privacy policies and contracts that are, in lieu of a national privacy law, the best way to maintain privacy obligations and security requirements.

DCI strongly recommends the New York City Council reconsider Int. 2311, and, at a minimum, address the privacy and independent restaurant liability implications before moving forward. This Issue Brief outlines DCI’s arguments to that effect.