As more restaurant brands collect customer information by bolstering technology tools such as ordering, payment, withdrawal and other app offerings, they are entering new data privacy territory. .
The U.S. Energy and Commerce Consumer Protection and Commerce Subcommittee on Thursday marked the U.S. Privacy and Data Protection Act (HR 8152), which would set a national standard for the collection and protection Datas. It still has to be considered by the committee, the plenary assembly and the Senate.
The National Restaurant Association, based in Washington, DC, said any precautionary federal data privacy law that creates a single, uniform standard would benefit the industry.
However, the association said it was concerned that the proposed data privacy law, as drafted, would present significant challenges for restaurateurs large and small.
Sean Kennedy, executive vice president of public affairs for the National Restaurant Association, said in a statement, “As the cornerstone of communities across America, restaurant owners build their business on trusting relationships with their customers, and they rely on strong privacy and data security. practices to build that trust in today’s digital economy.
Certain aspects of the bill have raised concerns within the association.
“This bill is moving very quickly through committee, and we are working with members to address these concerns,” Kennedy said. “The good news is that all of these concerns have resolutions that would significantly improve this bill for the restaurant industry while strengthening protections for consumers.”
Areas covered by the association include:
- Exceptions in federal preemption: The association expressed concern that there are too many exclusions for state-level privacy laws, consumer protection laws, and laws that govern both employee data and biometric data. , among others.
“These exclusions essentially negate the bill’s pre-emption provision and would require domestic restaurant companies to comply with federal and state laws,” the association said.
- Inclusion of private right of action: The wording of the bill would allow for a civil action in federal court, which the association says would allow litigators to drag operators into litigation. “These actions do not improve consumer protection but often penalize the operations concerned”, specifies the association.
- Loyalty programs: The proposed law includes language intended to preserve consumer loyalty programs, but the association said the provision would prevent consumers and restaurants from voluntarily establishing loyalty relationships. The association said it hoped the bill could be amended to reflect national data privacy laws that have been effective.
- Requirements of service providers and third parties: The association said restaurants are often a first point of consumer data collection. However, restaurants should not be held liable for potential data privacy breaches committed by downstream business partners, the association said, adding that it would like to see service provider and third-party requirements strengthened.
- Exemption for small data: The bill includes a threshold for exempting small business data, but the association said the current definition would still place a significant burden on small business restaurants.
- Definition of Covered Entity: Under the current bill, the definition of covered entity would mean that restaurants with a common brand all become liable for an operator’s violations, the association said. He would like the bill to take into account the franchise structure of the industry when defining the entities covered.
The association’s concerns were set out in a previous letter to the subcommittee.
The National Restaurant Association, founded in 1919, is a trade association for the restaurant industry.
Contact Ron Ruggless at [email protected]
Follow him on Twitter: @RonRuggless