Skip to main content

Restaurant Data Privacy in 2023: What to Do Now?

The RTN Town Hall focused on new data privacy laws and what operators need to move to the top of their to-do lists.
a hand holding a cell phone
Advertisement - article continues below

ICYMI, the Restaurant Technology Network (RTN) Town Hall on February 21 focused on Restaurant Data Privacy in 2023 - What to Do Now and featured renowned data privacy expert Odia Kagan, Partner, Chair of GDPR Compliance and International Privacy at Fox Rothschild LLP in Philadelphia. 

Kagan kicked off the call with an overview of new laws and existing laws that are already in effect.

To date, there are 5 comprehensive data privacy laws in US states. 

  • In January, laws in California and Virginia went into effect
  • In July: Colorado and Connecticut.
  • In December: Utah

There are 20 or so privacy bills in various stages being considered by state legislatures. “They're moving along, which basically means that we will have more state laws this year,” Kagan said.

Children and Data Privacy

While there isn’t a federal data privacy law at the moment, Kagan pointed to President Biden’s  recent State of the Union address, where he made several call-outs on data privacy. Operators, Kagan cautioned, should be aware of the changing definition of children, which is moving towards all people under 18 years of age, she said. This differs from the Children Online Privacy Act or COPA, which refers to ads targeting children under 13. The new definition, Kagan stressed, contains language that should be on operators’ radar:  “likely to be accessed by” and “under 18s”.  

In California this has already been passed as law and goes into effect in 2024, she stated.

“Think about these requirements as you're designing or redesigning the app. Don't wait for 2024 to become compliant,” Kagan stressed.

Key To Dos

  • Make future-proof for kids under 18
  • When collecting and processing data, ask Why do I need it? Is it helpful? Necessary? How long are we retaining it?

Kagan pointed to two recent FTC enforcements: Drizly  for obtaining too much information and CafePress  for retaining info longer than necessary.

CPRA   went into effect January 1 but enforcement of the amendments starts in July, Kagan explained. Operators should sit down with stakeholders and their attorneys to review what data they’re collecting, review how long they're retaining data and why, she advised. This also applies to emails, cookies, chat logs, etc. 

For operators, it is going to be more relevant “to strengthen transparency and disclosure, data, minimization, meaning only collect what you need. So it's not a free-for-all for data collection,” she said. “You need to have a good explanation of why you collected that data.” 

These are only a few of the actionable insights provided by Kagan in RTN’s hour-long Town Hall, which included a live Q&A.   

Also covered: 

  • Transparency in Algorithms & AI
  • Targeted advertising 
  • Biometrics

Become an RTN Member

The complete Town Hall is viewable only to RTN Members who are logged into the site:

Town Halls are only open to restaurants and RTN Supplier Members. This recording lives on the members-only side of the RTN site and you will need to log in to view.  If you are a restaurant, membership is complimentary and you can create a profile on our site directly. If you are a supplier and haven't registered on the RTN site, you can do so as well and your membership will be active based on your email domain.


This ad will auto-close in 10 seconds