Last week, DoorDash filed a complaint in the U.S. District Court in the Southern District of New York regarding a New York City ordinance requiring that DoorDash share customers’ personal information to every restaurant that fulfills an order through the app. According to the complaint, every time someone orders food through DoorDash in New York, the restaurant that made the customer’s food will obtain their name, delivery address, email address, and phone number.
In addition to six other causes of action, DoorDash alleges that the ordinance violates its right to freedom of speech under the First Amendment of the United States Constitution. Specifically, it argues that New York is compelling DoorDash to speak by forcing it to share customers’ information, which it would not otherwise do. Applying the strict scrutiny standard, DoorDash argues that that the ordinance does not further a compelling government interest nor is it narrowly tailored to achieve any such interest.
According to DoorDash, the ordinance’s “purpose is to make it easier for restaurants to market directly to customers, avoid paying marketing fees to DoorDash, and gain a competitive advantage.” Likewise, the corporation frames New York’s government interest as the City’s “restaurants receiving data sufficient for them to contact customers directly.” DoorDash argues that these purposes are not even a legitimate government interest, and far from compelling. DoorDash’s framing of the ordinance’s purpose paints New York as some sort of spiteful city personally attacking DoorDash. How compelling is this narrative?
Alternatively, one could argue that New York has a compelling government interest in keeping local restaurants afloat. In the midst of an economic crisis spurred on by a global pandemic, DoorDash has reaped the rewards of social distancing in exorbitant delivery fees. Meanwhile, restaurants across the country have struggled, and ultimately closed their doors, due to more people staying home and not dining out. Unlike DoorDash, which employees a couple of delivery drivers here and there, restaurants provide jobs for almost a million New Yorkers. Is it not a compelling interest of New York, or at least a legitimate interest, to keep hundreds of thousands of New Yorkers employed?
However, DoorDash raised a fair point in its complaint: the City Council Members in favor of the ordinance conceded that DoorDash has “fostered a mutually beneficial relationship with New York City restaurants for years.” Benefits to DoorDash’s restaurant partners include marketing exposure, as well as DoorDash’s convenient web and app platforms that facilitate pickup and delivery, ultimately making the restaurants money. Next, a regulation is not narrowly tailored to a compelling interest if it is overly broad, and regulates a substantial amount of constitutionally protected expression. DoorDash claims the ordinance is not narrowly tailored to further a compelling government interest because “a law that requires disclosure of customers’ full names, email addresses, telephone numbers, delivery addresses, and order contents is a far cry from narrowly tailored.”
It is strategic of DoorDash to emphasize the expansive nature of the information at hand. Should the information unintentionally get into the hands of people other than the restaurants, it could be used for a practically limitless amount of purposes outside of the City’s interest in helping restaurants. For example, the New York City Hispanic Chamber of Commerce and the Haitian American Caucus have both expressed concerns regarding the potential for this information to be exploited by discriminatory groups to harm undocumented customers.
DoorDash argues that some restaurants will not have the financial capacity to invest in secure data management systems to protect customers’ information from cyber threats.
This argument rests on the likelihood that the restaurants do not have adequate data-storage technology. According to the complaint, the ordinance “allows all restaurants to obtain this private customer data, whether or not they have the technical capacity or resources to safely maintain it.” DoorDash argues that some restaurants will not have the financial capacity to invest in secure data management systems to protect customers’ information from cyber threats.
The City has claimed that by providing customers the opportunity to opt out of sharing their data on an order-by-order basis, DoorDash customers would consent to divulging information to restaurants. However, DoorDash argues that realistically, hungry people are not likely to take the time to read through fine print standing in the way of their takeout. Thus, the ordinance could effectively lead to New Yorkers unknowingly sharing their personal information to whatever restaurant they order from.
This brings up the question: Should New York be responsible for ensuring any restaurants that obtain customer information from DoorDash have secure data-storage technology? Also, is DoorDash’s own data-storage system as hack-proof as it claims?
Lauren attended Florida State University for college and majored in Political Science and Environmental Studies. In law school, Lauren has been a member of the Environmental Law Project and worked on environmental pro bono projects ranging from private well water quality to climate change mitigation.