Compromising Your Personal Data For a Pint and a Pizza

The Information Commissioner’s Office (ICO) has warned that people should not have to surrender excessive amounts of their personal data just to order food and beverages online. Many people turned to online food and beverage ordering apps during the COVID-19 pandemic as a way to reduce their contact with others, whilst still being able to enjoy their favourite foods with their family.


Ordering Online During COVID-19


During the COVID-19 Pandemic when social distancing rules were widely enforced, many people opted to order food and beverages online through ordering apps. This allowed consumers to have less contact with other people, and in turn, help stop the spread of Coronavirus. The practicality and ease of these online ordering tools mean that they are likely to remain popular beyond the COVID-19 pandemic and world of social distancing.

However, in order for these ordering apps to work, personal information was required from customers. As such, the ICO has warned businesses to comply with data protection laws, and reminded them to only collect relevant and necessary personal data from customers.


Paul Arnold, Deputy Chief Executive of the ICO, commented:

“People are excited to be going out again and the innovations that have emerged through the pandemic can make that experience safer, easier, and more enjoyable … but you shouldn’t have to give up too much of your personal data to order a pizza or a pint.”

What is Personal Data?


Ultimately, personal data is information that relates to an identified or identifiable individual.

This information could be in the form of a name, number, IP address, and, amongst others, cookie identifiers of a living person. Information about a deceased person does not constitute as personal data, as personal data can only relate to a natural person.

Examples of Identifiers as Listed by the General Data Protection Regulation (GDPR):

  • Name
  • Identification Number
  • Location Data
  • Online Identifier

However, the information is only classed as personal data if it ‘relates to’ an individual. To establish whether information relates to an individual, many factors should be considered such as: the purpose(s) for which you are processing the information, the likely impact of that processing on the individual, and the actual content of the information. However, it is also important to consider what the distinguishing factors of personal data are.




What Are The UK’s Data Protection Laws?


The Data Protection Act 2018 controls how your data and personal information can be used as it is the UK’s implementation of the GDPR.

Every person that is responsible for using personal data must follow data protection principles, ensuring data is: used for specified, explicit purposes; used fairly, lawfully and transparently; accurate and kept up to date; kept for no longer than absolutely necessary, and, amongst others, handled in a way that ensures appropriate security. Stronger legal protection is given to sensitive information such as, but not limited to: health, genetics, race, and political opinions.


What Are My Personal Data Rights?


Simply, you have the right to know what information and personal data the government and other organisations store about you. This can include the right to: access your personal data, have data erased, stop or restrict the processing of your data, be informed of how your data is being stored, and have incorrect data updated.

You also have other rights regarding specific situations when organisations are using your data.


How Can I Keep My Personal Data Safe?


The ICO advises people to check the privacy notice of the ordering app they intend to use, paying careful attention to who is collecting their information, what their information will be used for, and if their information will be shared to other organisations.