Zomato's move to share customer data with restaurants sparks privacy concerns

Food delivery platform Zomato has decided to begin sharing customer data with restaurants, bringing an end to a long-running dispute with the restaurant industry.

Also Read: Food delivery to get costlier as Zomato, Swiggy set to revise platform fee after GST 2.0

The move has already stirred controversy, with analysts raising concerns about data privacy and the potential misuse of customer information.

Customer data sharing talks

Zomato is reportedly in advanced discussions with the National Restaurants Association of India (NRAI), an umbrella body representing over 5,00,000 eateries, to enable customer-data sharing.

Similar talks are said to be underway with Zomato’s rival, Swiggy, according to Business Today.

At present, food delivery platforms mask customer information, meaning restaurants cannot access users’ phone numbers or other personal details. This issue has been a major sticking point between aggregators and restaurants for several years.

As part of a pilot, Zomato has started showing pop-ups asking customers for permission to share their phone numbers with restaurants for promotional and marketing communication.

However, once the number is shared, users cannot withdraw their consent. The text reads, “I allow restaurants to reach out to me for promotional activities.”

Restaurants can’t reach customers

Currently, customers ordering through Zomato or Swiggy can directly call or message a restaurant if they need to make changes to their order. Restaurants, however, cannot contact customers directly because the platforms do not share phone numbers.

Instead, platforms only share macro-level data, such as the number of orders coming from a particular area, while withholding individual-level consumer information.

Also Read: Swiggy, Blinkit or TN player Zaaroz? Consumer rights expert on Q-comm firms

This has long frustrated restaurants. The NRAI previously filed a complaint with the Competition Commission of India (CCI), accusing Zomato and Swiggy of “anti-competitive practices”.

The association also objected to issues such as deep discounting and high commissions by the food aggregators, which in some cases rose to 35 per cent.

Boom of food delivery apps

Food delivery platforms like Zomato have transformed the restaurant industry, making it possible for customers to enjoy dishes like biryani or paneer tikka from the comfort of their homes.

The sector is expected to grow further, with reports predicting an 18 per cent year-on-year rise. Restaurants argue that masked data prevents them from directly engaging with their customers.

Access to key customer details would help them better understand consumption patterns and personalise them for the customers accordingly. It would also allow restaurants to allocate their marketing budgets more effectively.

For instance, restaurants could call customers directly to clarify any issues with an order or confirm preferences.

Privacy concerns

However, the decision has sparked a privacy debate, with social media users warning it could trigger a flood of spam messages.

Rajya Sabha MPs Milind Deora and Priyanka Chaturvedi, a member of the Parliamentary Standing Committee on Information Technology, have strongly criticised the move. Chaturvedi cautioned that such unilateral decisions may attract scrutiny from Parliament.

Also Read: Zomato rebrands as 'Eternal,' signals shift towards quick commerce

“So, Zomato and Swiggy plan to share customer mobile numbers with restaurants. This opens the door to privacy risks and further spam under the guise of better service. We need clear, unambiguous opt-in guidelines, in line with the DPDP Rules, so consumers' data is respected,” Deora tweeted.

Chaturvedi added, “While Zomato may think this is a push for transparency, for customers, this is a breach of data privacy. If Zomato and apps unilaterally take such positions, as a member of the standing committee on IT, I would request a review for possible violations of data privacy laws.”

Zomato issues clarification

The government has recently notified the Digital Personal Data Protection (DPDP) Rules, which outline how personal data can be collected, processed, stored and deleted.

Amid the backlash, Zomato CEO Aditya Mangla has attempted to calm concerns. “If and when consent is provided, only the phone number will be shared with the restaurant. No other information will be shared,” he clarified in a LinkedIn post.