Mobile Location Technology and Privacy: How Should Restaurants Proceed?

First published on QSR Magazine.

Without question, the global COVID-19 pandemic has increased our reliance on mobile and location technology from using public network data to building contact tracing apps to establishing contactless or zero-contact experiences.

Restaurants included have quickly shifted to an off-premises strategy that utilizes mobile to serve customers safely and accommodate the vast majority of consumers who are relying more heavily on mobile apps to order food and essentials. In fact, nearly two-thirds of consumers surveyed for the most recent State of What Feeds Us Report indicated they have downloaded at least one or more new apps for food purchases just over the last few months.

With the acceleration in the use of both mobile apps and mobile location technology to service and attract customers, it’s clear that the conversation around privacy protection has taken center stage. Many privacy advocates (and consumers) argue that the individual location data that is collected by these apps can compromise PII and personal privacy. But there is a way for restaurants to utilize mobile location technology in a smart, efficient, and safe way for consumers to provide a better customer experience without compromising their personal privacy.

Consumer trust is everything

What is clear is that the successful use of location technology—whether for contact tracing or geofencing to streamline mobile ordering—requires consumer trust, but instilling such trust can be especially difficult when location technology has been abused. Too many companies are collecting more data than necessary, beyond what’s needed to provide a positive consumer experience. The vast majority of consumers may not even realize that some apps collect data indiscriminately, even capturing when a consumer is at home. This data is often shared, sold, or otherwise exploited to increase the location technology vendor’s bottom line. Some technology vendors claim they are “privacy-first” while secretly collecting every move a consumer makes, even when the app is not being used.

However, when put to good use, location technology can be very powerful in benefitting the end customer. In times when limiting interactions and improving speed and wait times are critical, permissioned location information could mean servicing your customers with a timely hand-off experience versus missing the moment altogether.

Location technology and privacy can coexist without sacrificing the benefits to businesses or their customers—but the onus is on businesses to understand how to accomplish this responsibly. While all businesses want to learn more about their customers, it’s up to these companies to outline clear policies to source data ethically, transparently, and for specific reasons. It is no longer acceptable to collect data for the sake of collecting.

Location technology and privacy can coexist without sacrificing the benefits to businesses or their customers—but the onus is on businesses to understand how to accomplish this responsibly.

Consumer businesses should consider a few key steps before rushing to accelerate their investment in mobile and location technology. Doing what’s right means protecting the privacy of their customers while also providing a distinguished customer experience.

Step 1: Put the customer first—use location only when there is a clear benefit to the customer

Location technology on consumer devices should be used to deliver valuable customer experiences with full transparency to the consumer. For example, a customer downloads a location-enabled restaurant app and accepts the use of the location data by the app based on a clearly written explanation of how the data will be used (e.g., to facilitate automated check-in or contactless pickup). The app enables the customer to place an order and then detects when that customer arrives at a specific location, such as the precise entrance to a store, curbside pickup, or drive-thru location. The restaurant can then provide the right order to the right customer at the right time with little to zero contact.

Customers enjoy a significantly enhanced experience, receiving their orders faster and with increased safety. The restaurant benefits because the enhanced customer experience encourages loyalty. For quick-service restaurants, knowing when a customer has entered a drive-thru lane enables staff to have the prepared order ready to hand over at just the right moment, enabling more customers to be served in the same amount of time. The location technology also helps the business increase throughput, frequency and revenue.

Step 2: Apply best practices that truly protect privacy

A location technology win-win for restaurants and their customers does not require a lot of mobile tracking and data collection. A best practice approach includes:

• Collect the least amount of data possible and only the data that is necessary for the use case the customer agrees to.
• Don’t collect any unnecessary personal information, and don’t share or sell personal information or location data. 
• Don’t track location data before or after the defined transaction, and never track when customers travel to or from home.
• Use end-to-end anonymization and encryption to protect personal information.
• Whenever possible, design apps for “on-device processing,” which keeps personal information on the device versus sending to a server.

Step 3: Understand location technology and assess vendors accordingly

“Privacy-friendly” and “privacy-first” can mean different things to different technology vendors. To some, it may just mean that privacy is “opt-in”—that users must accept a privacy statement before any data is collected. However, this does not mean the privacy policy itself actually protects consumers or that the privacy statement users agree to is specific and clearly written. This is how some technology vendors can claim to be privacy-friendly while still collecting more information than needed and even selling that information.

When selecting a vendor to implement location technology, question their privacy-friendly claims, make the appropriate use of sensitive consumer information (including location data) part of the service agreement, and insist on seeing the complete lifecycle of that information, from collection to destruction, in writing.

Also, distinguish between “data security” and “data privacy.” Some vendors will focus on how they protect customer data from cyber threats, such as data breaches. While this is very important, it does not ensure the vendor has a consumer-friendly privacy policy based on the above best practices.

Step 4: Be transparent with your customer

Earning customer trust is imperative to reap the benefits of location technology, and trust starts with transparency. This goes beyond basic “inform and consent” requirements. Be sure there is a clear value exchange. Explain why you are collecting the location data, how this benefits the customer, what information you are collecting, and what happens to that information. Make the language accessible so anyone can understand.

Privacy and location can coexist

Location data and privacy can coexist. They’re not mutually exclusive. By using the technology in the right way, restaurants can create a safe, valuable, and trusted customer experience while also driving increased revenue. This approach has the potential to increase customer lifetime value (CLTV) because businesses are doing what’s right to serve their customers well - both in the moment and in the long-term.

Technology for good

If privacy can be put first to deliver value-driven use cases when rolling out location-based technology, they can gain customer trust and, by extension, consumer adoption.

It’s easy to make claims about being privacy-friendly, but the real challenge is to live and breathe those promises by making it central to your business.

Emil Davityan is the co-founder and CEO of Bluedot. Bluedot’s location technology for mobile apps powers interactions between brands and their customers. Prior to co-founding Bluedot, Emil was a cyber policy adviser to successive Australian Prime Ministers, leading complex projects with major technology companies and international governments