Pub and restaurant chain apps are requiring such data as gender and marital status. This is raising eyebrows among privacy campaigners and industry analysts alike.
The Information Commissioner’s Office warned that many pubs and restaurants were asking customers for much more personal data than was strictly relevant and necessary. Suzanne Gordon of the ICO told the BBC ” it was far too easy to upload an app and input lots of data into it. This means that users don’t fully understanding where the information might be shared and why it was being requested.”
The use of mobile apps to replace traditional paper menus has been one of the most obvious impacts of the Covid-19 pandemic. The apps are designed to eliminate social contact points between front-of-house staff and customers. These apps may have played a role in driving down transmission rates. However, they also require a certain amount of user data to run. Venues should only ask for data that is “relevant and necessary”. It is obvious that these apps will need certain data points in order for them work. For example, data points such as age, when purchasing alcohol and location are required.
So, who is asking for this data and how much are they asking for?
Apps run by Mitchells & Butlers, the company that owns All Bar One, Browns and Harvester, as well as pub company Greene King. These apps, have emerged as some of the most data hungry apps in the hospitality sector. This was reported by comparison service Uswitch. These apps have demanded far too much data’ in order to achieve a given task’, to quote the GDPR principle. The Data Minimisation principle states very clearly that the minimum amount of data should db e gathered to accomplish a given task. Many of these apps are asking for too much information.
Information that would be expected to be provided would be order history and payment details. However, Mitchells & Butlers asks its customers for 22 out of 24 possibly relevant data points. These include home address, gender, data of birth, marital status, and social media profiles. Greene King requests 17 out of 24. Mitchells and Butlers are not alone in excessive harvesting of data. Stonegate, which operates thousands of bars, pubs and clubs, asks for 12 out of 24. The Wetherspoons app asks for just 9 out of 24 data points.
Independent Apps ask for less
The smaller independent apps created for hospitality businesses by independent developers ask for less. These apps include Butlr, DrinkApp, Hungrrr, OrderPay, RoundApp and Swifty. All of these ask for fewer than 10 data points.
However, the most privacy-conscious app, according to Uswitch’s data, is OrderPay. The app requests just two data points from users These are their food and drink order history and dietary requirements. OrderPay is used at a number of chains, including Be At One, Bierkeller, Bar Soho and Giggling Squid.
Uswitch’s Catherine Hiley said: “In the post-Covid world we live in, many bars, pubs and restaurants have kept up their table-service apps for customers’ convenience. She added, that is was important for customers to be aware of the reasons companies may ask for their personal data. They shouldconsider what it might be used for if they consent for it to be collected.
The facts are that mosts apps will still function without all the permissions requested. The only way is to try and experiment and see what works and what does not. This will help you safeguard our data.
Remember, the local pub doesn’t need your full name or email address to bring a drink to your table!!!