DoorDash, Inc. v. City Of New York
Filing
212
OPINION AND ORDER re: 146 MOTION - Plaintiffs' Notice of Joint Motion for Summary Judgment . filed by DoorDash, Inc., 163 CROSS MOTION for Summary Judgment . filed by City Of New York. For the foregoing reason s, Plaintiffs' motion for summary judgment on the First Amendment claim is GRANTED, and the City's cross-motion for summary judgment on the First Amendment claim is DENIED. On the remaining claims, Plaintiffs' motion and the City� 39;s cross-motion are DENIED as moot. By October 7, 2024, the parties shall file a proposed judgment in accordance with this order. The Clerk of Court is respectfully directed to terminate the motions at ECF Nos. 146 and 163 in docket No. 21 Civ. 7695; ECF Nos. 100, 114, 131, and 142 in No. 21 Civ. 10347; and ECF Nos. 117, 148, and 159 in No. 21 Civ. 10602. SO ORDERED. (Signed by Judge Analisa Torres on 9/24/2024) (vfr)
<![CDATA[
UNITED STATES DISTRICT COURT
SOUTHERN DISTRICT OF NEW YORK
DOORDASH, INC.,
Plaintiff,
USDC SDNY
DOCUMENT
ELECTRONICALLY FILED
DOC #:
DATE FILED: 09/24/2024
-against21 Civ. 7695 (AT)
CITY OF NEW YORK,
Defendant.
PORTIER, LLC,
Plaintiff,
-against-
21 Civ. 10347 (AT)
CITY OF NEW YORK,
Defendant.
GRUBHUB INC.,
Plaintiff,
-againstCITY OF NEW YORK,
21 Civ. 10602 (AT)
OPINION
AND ORDER
Defendant.
ANALISA TORRES, District Judge:
When a diner orders food from a restaurant using the online platform of a third-party
food delivery service (“Delivery Service”), the restaurant generally receives only the individual’s
first name, the first initial of her surname, and the order’s contents—the minimum information
required to fulfill the order. In August 2021, in an effort to support local restaurants that use
Delivery Services, Defendant, the City of New York (the “City”), enacted Local Law No.
2021/090 (the “Customer Data Law”). The Customer Data Law requires that Delivery Services
provide restaurants with a diner’s full name, email address, phone number, delivery address, and
order contents.
Plaintiffs, DoorDash, Inc. (“DoorDash”), Portier, LLC (“Uber Eats”), and Grubhub, Inc.
(“Grubhub”), are Delivery Services. In these consolidated actions, they argue that the Customer
Data Law violates three provisions of the United States Constitution: (1) the First Amendment,
U.S. Const. amend. I, (2) the Takings Clause of the Fifth Amendment, id. amend. V, and (3) the
Contract Clause, id. art. I, § 10. Plaintiffs also contend that the Customer Data Law exceeds the
City’s police powers in violation of N.Y. Const. art. IX, § 2(c). The City agreed to stay
enforcement of the law against Plaintiffs pending resolution of this action. ECF No. 29. 1 The
parties now cross-move for summary judgment. Pl. Mot., ECF No. 146; Def. Mot., ECF No.
163.
For the reasons stated below, Plaintiffs’ motion is GRANTED as to their First
Amendment claim. 2 The City’s cross-motion for summary judgment on the First Amendment
claim is DENIED. On the remaining claims, Plaintiffs’ motion and the City’s cross-motion are
DENIED as moot.
BACKGROUND 3
I.
The Customer Data Law
On July 29, 2021, the New York City Council passed the bill that would become the
Customer Data Law. N.Y.C. Int. No. 2311-A; see Pl. 56.1 ¶¶ 5, 75, ECF No. 165. After thenMayor Bill DeBlasio did not approve the bill or return it with objections within 30 days, it
1
Unless otherwise noted, all citations are to the docket in DoorDash v. City of New York, No. 21 Civ. 7695.
2
The Court shall not decide the remainder of the claims.
The facts in this section are taken from the parties’ Rule 56.1 statements, responses, and declarations, unless
otherwise noted. Disputed facts are so noted. Citations to a paragraph in a Rule 56.1 statement also include the
opposing party’s response. “[W]here there are no citations[,] or where the cited materials do not support the factual
assertions in the [s]tatements, the Court is free to disregard the assertion.” Holtz v. Rockefeller & Co., 258 F.3d 62,
73 (2d Cir. 2001) (alteration omitted). On a motion for summary judgment, the facts must be read in the light most
favorable to the nonmoving party. Id. at 69.
3
2
became law, with an effective date of December 27, 2021. N.Y.C. Admin. Code § 20-563.7
(enacted pursuant to N.Y.C. Local Law No. 2021/090); see Def. 56.1 ¶ 178, ECF No. 182; Pl.
56.1 ¶¶ 77, 79.
The Customer Data Law permits a restaurant to “request customer data from a [Delivery
Service],” and “[u]pon such a request,” the Delivery Service is obligated to furnish it (the
“Restaurant Request Provision”). N.Y.C. Admin. Code § 20-563.7(a). “Customer data,” as
defined by the law, consists of five data points for each customer who places an online order:
(1) name, (2) telephone number, (3) email address, (4) order delivery address, and (5) order
contents. Id. § 20-563. The Delivery Service is required to supply the data “in a machinereadable format, disaggregated by customer, on an at least monthly basis” (the “Machine
Readability Provision”). Id. § 20-563.7(c).
The Delivery Service is barred from providing the data if the customer requests that it not
be shared (the “Opt-Out Provision”). Id. § 20-563.7(b). However, the Customer Data Law
presumes that a diner consents to the disclosure of such information unless she specifically
indicates otherwise (the “Presumed Consent Provision”). Id.
A Delivery Service is not allowed to limit a restaurant’s ability to download and retain
consumer data or the restaurant’s use of it for marketing or other purposes (the “Marketing
Provision”). Id. § 20-563.7(c). However:
Food service establishments that receive customer data pursuant to this section shall
not sell, rent, or disclose [] customer data to any other party in exchange for
financial benefit, except with the express consent of the customer from whom the
customer data was collected; shall enable a customer to withdraw their consent to
use of their data by the food service establishment; and shall delete . . . customer
data upon request by a customer.
Id. § 20-563.7(d) (the “Consent Withdrawal Provision”).
3
II.
Plaintiffs
Plaintiffs are technology companies that connect individuals who place orders,
restaurants that provide food, and delivery persons who deliver orders from restaurants to diners.
Pl. 56.1 ¶¶ 91–92 (DoorDash); id. ¶ 256 (Uber Eats); id. ¶ 540 (Grubhub); see Def. 56.1 ¶ 606.
Each is a Delivery Service under the Customer Data Law and is subject to monetary penalties for
noncompliance. Pl. 56.1 ¶¶ 263, 609; see N.Y.C. Admin. Code §§ 20-563.10 to -563.12.
Plaintiffs work with both small and medium businesses (“SMBs”) and regional, national,
and global chains, known as enterprise merchants (“Enterprises”). Pl. 56.1 ¶¶ 162–63, 376, 378,
550. As of April 30, 2023, DoorDash had contracts with about
approximately
restaurants and had
customers in New York City. Id. ¶¶ 131, 161. Uber Eats has
contracts with approximately
Enterprises. Id. ¶¶ 382, 437. Grubhub
SMBs and
works with approximately 23,000 restaurants in New York City. Id. ¶ 540. Restaurants choose
to use Plaintiffs’ platforms in order to reach both new and existing customers. Id. ¶¶ 109–
10, 277. Restaurants can terminate their relationships with Plaintiffs at will. See Def. 56.1 ¶ 439
(DoorDash); Pl. 56.1 ¶¶ 383–84 (Uber Eats); id. ¶¶ 600–01 (Grubhub).
A. Plaintiffs’ Practices Regarding Data Collection
Plaintiffs offer restaurants various products. The first, which each calls “Marketplace,”
allows a restaurant to appear on Plaintiffs’ web and mobile platforms. Pl. 56.1 ¶¶ 94, 265, 549.
The second provides back-end support for the restaurant’s own website; DoorDash calls this
Storefront, Uber Eats calls this Webshop, and Grubhub calls this Grubhub Direct. Id. ¶¶ 101,
269, 545. The third offers delivery services for restaurants who receive their own orders;
DoorDash calls this Drive, and Uber Eats calls this Uber Direct. Id. ¶¶ 105–06, 279.
4
This case concerns the first product. 4 Through Plaintiffs’ Marketplace products,
individuals order food through Plaintiffs’ platforms to be prepared by a restaurant. Id. ¶¶ 95,
265, 549. Couriers that have agreements with Plaintiffs deliver food orders from the restaurant
to the diners. Id. ¶¶ 97, 265, 549. Customers can also pick up orders from a restaurant’s
physical location, or restaurants can use their own workers to deliver the orders. Id. ¶¶ 98–99,
267–68, 549.
For Marketplace orders, the diner sends data to Plaintiffs directly. Id. ¶ 186; see id.
¶¶ 304, 564–65. People who sign up for or order through Marketplace agree to Plaintiffs’
privacy policies. Id. ¶¶ 124–26; Def. 56.1 ¶¶ 555–56, 561 (DoorDash); Pl. 56.1 ¶¶ 278, 302
(Uber Eats); id. ¶ 556 (Grubhub). The privacy policies set forth how Plaintiffs will collect, use,
and disclose customer data. Pl. 56.1 ¶¶ 125, 126, 279–80; Def. 56.1 ¶¶ 559. For example, Uber
Eats’ privacy policy states that it will use the data to personalize services, track deliveries, enable
dynamic pricing, offer customer support, market its services, and supply anonymized data
analytics to restaurants. Pl. 56.1 ¶¶ 284–89. The policy states that it “may share user data” with
a variety of specified providers, including social media companies, research partners, payment
processors, and Google. Id. ¶ 307. Otherwise, Uber Eats will not furnish the information absent
diner consent. Id. ¶ 308. DoorDash and Grubhub’s privacy policies are materially identical with
regard to how they use and disclose an individual’s personal information. Def. 56.1 ¶¶ 567–70
(DoorDash); Pl. 56.1 ¶¶ 560–61 (Grubhub).
For DoorDash’s Drive and Storefront, diners share their data directly with restaurants. Pl. 56.1 ¶¶ 172, 181–82. In
Drive, the restaurant receives the order and discloses certain information to DoorDash to facilitate delivery.
Id. ¶¶ 181–83. In Storefront, DoorDash hosts the data on its restaurant portal but does not consider itself to own the
data. Def. 56.1 ¶ 528; Pl. 56.1 ¶¶ 173–75. If the order is received through Uber Eats’ Webshop, the restaurant can
obtain the customer’s full name and email address if the individual opts in. Pl. 56.1 ¶¶ 427–28. If the order is
placed through Uber Direct, the restaurant provides the individual’s data to Uber Eats. Id. ¶ 432. If the diner orders
through Grubhub Direct, she is “the restaurant’s customer, not Grubhub’s,” and the information belongs to the
restaurant. Id. ¶ 566.
4
5
The policies also permit Plaintiffs to collect additional data about the diner, including
information from advertising partners and payment and analytics providers, and—with the
customer’s consent—location data and information from social media accounts. Def. 56.1 ¶ 566
(DoorDash); Pl. 56.1 ¶ 281 (Uber Eats); id. ¶ 558 (Grubhub).
B. Plaintiffs’ Practices Regarding Customer Data
When a restaurant receives an order through the Marketplace products, the restaurant
obtains only the customer’s first name, the first initial of her surname, and her order contents—
the “minimum amount of information required to fulfil[l] the order.” Pl. 56.1 ¶¶ 191, 203, 427,
500, 567. If the restaurant elects the self-delivery option, Plaintiffs provide the delivery address
and phone number. Id. ¶¶ 196, 505, 567. Restaurants agree to use the data “for the sole purpose
of fulfilling applicable customer orders.” Def. 56.1 ¶ 483; Pl. 56.1 ¶¶ 502, 567.
Certain Enterprises have negotiated different terms with Plaintiffs. For example,
DoorDash supplies additional categories of data—specifically, a full name and email address—to
five Enterprises which have executed agreements with “opt-in data-sharing contractual
provisions.” Pl. 56.1 ¶ 206; Def. 56.1 ¶ 499). DoorDash has offered other merchants a future
opportunity to do opt-in data sharing. Def. 56.1 ¶¶ 507–08. 5 Brian Sommers, DoorDash’s
director of sales compliance and international sales strategy, testified that
Sommers Dep. at 20:3–5, 148:4–149:10, ECF
No. 149-14; see Pl. 56.1 ¶ 214. Sommers said that DoorDash
DoorDash has also provided two other Enterprise restaurants with a customer’s full name, email address, and order
information so that those Enterprises could “link [their] existing customer rewards program to orders placed by
customers through the Marketplace.” Def. 56.1 ¶¶ 511, 515–16; see id. ¶¶ 518–19 (offering the option to two other
merchants).
5
6
Sommers Dep. at 146:7–10, 148:2–3; Pl. 56.1 ¶¶ 215–16.
Uber Eats often negotiates marketing terms in its Enterprise agreements, including
Pl. 56.1 ¶¶ 438, 440. Jordan Gildersleeve, head of global delivery
partnerships at Uber, testified that
Gildersleeve Dep. at
14:6, 68:21–69:4, ECF No. 151-55. Aaron Cohen, the head of operations for delivery in New
York and New Jersey for Uber, testified
Cohen Dep. at 15:6–7,
47:22–48:1, ECF No. 150-54; see Pl. 56.1 ¶ 444. Gildersleeve testified that Uber Eats
Gildersleeve Dep. at 70:24–71:9; see Pl. 56.1 ¶ 447. Only
Enterprise restaurants have been offered data sharing because, to Gildersleeve’s knowledge,
SMBs have not “been able to bring that type of value that we would be willing to offer that to
them.” Gildersleeve Dep. at 70:3–12.
When Uber Eats agrees to disclose customer data to a restaurant, the Enterprise is
required to sign a data addendum, which specifies that
Pl. 56.1 ¶ 458. Certain addenda
Id. ¶¶ 466, 472–78. Even if a diner opts in, Uber Eats furnishes
7
the person’s “full name, email address, and order contents,” but does not supply phone numbers
or delivery addresses. Id. ¶ 512. Restaurants that receive email addresses are prohibited from
emailing diners to encourage them to stop using Uber Eats. Id. ¶ 531.
Grubhub permits Enterprise restaurants to use customer data “for purposes beyond order
fulfillment” only
Id.
¶ 577. The consideration identified by Grubhub is
Id.
Id. ¶ 578.
Id.
¶¶ 583–84. Amy Healy, Grubhub’s vice president of government affairs, testified that if
restaurants were given customer data freely, they “could go directly to the customer and cut us
out.” Healy 30(b)(6) Dep. at 17:6–13, ECF No. 199-284; see Healy 30(b)(1) Dep. at 16:11, ECF
No. 199-285.
C. Plaintiffs’ Practices Regarding Aggregate Data Sharing
Plaintiffs furnish aggregate data analytics to restaurants. For example, DoorDash
provides restaurants with an “Insights Hub” tool that allows restaurants to access data about their
“menu performance, customer feedback, and daily operations.” Pl. 56.1 ¶ 111. Restaurants can
“understand where their customers are ordering from and what ‘optimal locations’ may exist for
additional stores.” Id. ¶ 149. Uber Eats and Grubhub offer similar tools. Id. ¶¶ 481–82, 491
(Uber Eats); id. ¶ 544(c) (Grubhub).
Restaurants can also use Plaintiffs’ advertising offerings that leverage customer data. Pl.
56.1 ¶ 112; Def. 56.1 ¶ 467 (DoorDash); Pl. 56.1 ¶¶ 484, 487, 492–93 (Uber Eats); id. ¶ 544(c)
8
(Grubhub). For example, DoorDash permits restaurants to run a “First Order, $0 Delivery Fee”
promotion to target diners who have not previously ordered from those businesses. Id. ¶ 144.
And, customer information can “define specific advertising cohorts,” permitting Uber Eats to
(for example) send an ad for chicken to someone who “eat[s] a lot of chicken.” Id. ¶ 290.
D. Impact on Plaintiffs’ Businesses
Plaintiffs have not conducted a formal study of the impact of the Customer Data Law on
their businesses. Def. 56.1 ¶¶ 90, 101, 107, 604. Plaintiffs use customer information to enhance
their own products. Pl. 56.1 ¶¶ 135, 136–39, 142, 149–51 (DoorDash); id. ¶¶ 284–89 (Uber
Eats); id. ¶¶ 560–61 (Grubhub). Plaintiffs have spent “millions of dollars” developing their
products, and on advertising and marketing. Id. ¶¶ 115, 128, 259, 562. Plaintiffs have also
invested resources in data security. Id. ¶¶ 233, 296, 590–95. The City does not dispute that
Plaintiffs would have to expend resources to change their products to comply with the Customer
Data Law. Id. ¶¶ 84–90.
III.
Passage of the Customer Data Law
On June 27, 2019, the New York City Council’s Committee on Small Business held a
hearing regarding the impact of “digital food delivery apps” on “local restaurants and the food
industry.” Def. 56.1 ¶ 1. At the hearing, the executive director of the New York City Hospitality
Alliance—a nonprofit organization representing restaurants and nightlife establishments—asked
the City Council to “explore who owns the customer data and whether a restaurant transacting a
large amount of business on a food delivery platform will lose all of those customers if it leaves
the platform.” Id. ¶ 6. Representatives from both Grubhub and Uber Eats testified that they do
not provide customer data to restaurants. Id. ¶¶ 12, 16.
9
Councilmember Keith Powers presented Introduction No. 2311-2021 (the “Bill”), the
precursor to the Customer Data Law, on May 12, 2021. Def. 56.1 ¶ 64; Pl. 56.1 ¶ 16. On June 8,
2021, the City Council’s Committee on Consumer Affairs and Business Licensing held a public
hearing. Id. ¶ 69. At the hearing, Councilmember Powers said, “We do want to make sure that
we [] strike the right balance and equity between those that hold the information and those that
supply the goods and services, and that’s ultimately the intention of my bill.” Id. ¶ 71. Powers
explained, “[T]his has been such a hard year for our restaurants and our local businesses and this
is a really good opportunity for us again to look at them and think about ways to keep them
surviving here in the city, but also give them a better opportunity to compete and to be able to
stay in our communities for a very long time.” Id. ¶ 72. Powers stated that the Bill would
require “more information sharing” and would allow restaurants to “use [customer] data when it
comes to marketing.” Pl. 56.1 ¶ 19. Councilmember Diana Ayala remarked that customer data
“is one of the most important tools restaurants can use to develop marketing strategies and
customer relations.” Id. ¶ 20. Councilmember Antonio Reynoso said that the Council “should
be” “look[ing] out for the restaurants.” Id. ¶ 21.
Andrew Rigie, the executive director of the New York City Hospitality Alliance, stated at
the hearing, “[B]y withholding the data the [Delivery Services] have enormous leverage over
restaurants, because restaurants can’t leave the platform because then essentially they leave their
customers, and then the [Delivery Services] will use that customer data to market to competitor
restaurants.” Def. 56.1 ¶ 75. Rigie argued that the law would “even the playing field” and allow
restaurants “to reach out [to] their customers to market to them and really own that delivery []
customer, who is their customer.” Id. In written testimony, the New York State Restaurant
10
Association asserted that restaurants “need to be able to reach out directly to their customers,
whether to give an update on an order, or offer a promotion.” Pl. 56.1 ¶ 28.
Also on June 8, 2021, the City Council’s Government Affairs Division issued a
committee report (the “June 8 Report”) regarding the Bill. Id. ¶ 108. The June 8 Report
analyzes why collecting customer data is beneficial for restaurants. Id. ¶ 109. Specifically, it
states that such information “can be a useful mechanism to drive future profits for restaurant
owners, including growing the loyalty of a restaurant’s existing customers and reaching new
audiences.” Id. The June 8 Report explains that Delivery Services limit restaurant access to
customer data and faulted Delivery Services for depriving restaurants of a “record of specific
customers placing repeat orders.” Id. ¶¶ 114, 116. It expresses concern that Delivery Services
“may use customer data from rival restaurants to promote those restaurants that have agreed to
pay a higher commission fee.” Id. ¶ 117.
An amended bill was introduced on July 22, 2021, as Introduction 2311-A (the “Revised
Bill”). Def. 56.1 ¶ 143. The Revised Bill added the Restaurant Request, Opt-Out, Presumed
Consent, and Consent Withdrawal Provisions. Pl. 56.1 ¶ 58; see Def. 56.1 ¶¶ 146–51.
On July 29, 2021, the City Council’s Government Affairs Division issued another report
related to the Revised Bill (the “July 29 Report”). Def. 56.1 ¶ 155. The July 29 Report sets forth
the following findings:
•
Eighty percent of New York City’s restaurants employ fewer than 20 persons, while only
one percent exceeded 500 employees. Id. ¶ 156.
•
Restaurants are the second-largest component of the City’s tourism industry, after
accommodations. Id. ¶¶ 157–58.
•
The restaurant industry needs support “as it weathers ongoing effects of the Covid-19
pandemic.” Id. ¶ 159.
11
•
Delivery Services typically charge commissions and additional fees for increased
visibility on the platform, access to customer information, promotions and marketing, and
delivery. Id. ¶ 160.
•
Delivery Services collect and analyze data supplied by restaurant customers and share
this data with third parties. Id. ¶¶ 161–64.
•
However, Delivery Services “share very little with the restaurants the customer is
ordering from” and limit restaurants’ ability to retain data on customers. Id. ¶¶ 165–66.
•
The Delivery Services “only act as a conduit for the order, which is placed with the
restaurant.” Id. ¶ 167. “Consumers using [Delivery Services] are clearly customers of
the restaurants from which they order, but restaurants are precluded from equitable access
to this data.” Id. ¶ 172.
•
Restaurants “are often left with no records regarding loyal, repeat customers.” Id. ¶ 168.
•
Data analytics allow Delivery Services to “expose customers to restaurants that pay a
higher commission.” Id. ¶ 169. Delivery Services have “list[ed] false information about
a restaurant (for example, listing it as closed), in order to direct traffic to a restaurant
paying higher commissions and fees.” Id. ¶ 170.
•
“[C]ustomer data can [] be a very useful mechanism to drive future profits for restaurant
owners, including growing the loyalty of a restaurant’s existing customer base and
reaching new audiences.” Id. ¶ 173.
•
“[C]ustomer contact information can inform business decisions and enable restaurants to
conduct specific outreach to retain customers.” Id. ¶ 175.
•
“[I]f restaurants had access to their customer data they could offer promo codes,
discounts, and new menu items, which could help turn infrequent or new customers into
loyal customers.” Id. ¶ 176. They also could “assess the popularity of menu items and
further develop relationships in the community.” Id. ¶ 177.
On July 29, 2021, at a hearing held by the Committee on Consumer Affairs and Business
Licensing, Councilmember Powers stated that the Revised Bill was “part of an effort” to
“support our restaurants and bars.” Pl. 56.1 ¶¶ 63–64. Several councilmembers, including Brad
Lander, Carlos Menchaca, and Kalman Yeger, expressed concerns about the bill’s potential
impact on consumers’ “data privacy.” Id. ¶¶ 66–68; see also id. ¶ 68 (Councilmember Yeger
stating that the bill “has nothing to do with COVID-19” and is an “anti-consumer bill.”).
12
Later that day, at a full City Council hearing, City Council Speaker Corey Johnson said
that the Revised Bill, along with four others that were passed that day, would “help small mom
and pop restaurants” and would “help create an equitable playing field between these platforms
and the restaurants that use them.” Id. ¶ 69; Def. 56.1 ¶¶ 153–54. Councilmember Yeger
remarked that, although he did not like the “app industry,” he felt that the Revised Bill
“weaponize[d] . . . the pandemic for purposes of attacking an industry that we don’t like,” and he
objected to the transfer of data from one party to another. Pl. 56.1 ¶ 71. On July 29, 2021, the
City Council passed the Revised Bill with thirty-five affirmative votes, six negative votes, two
abstentions, and six absences. Def. 56.1 ¶ 152; Pl. 56.1 ¶ 75.
Following the Revised Bill’s passage, Mayor Bill de Blasio neither approved nor returned
it with objections within 30 days, so the Customer Data Law was enacted and titled Local Law
90-2021 on August 29, 2021. N.Y.C. Local Law No. 2021/090; see Def. 56.1 ¶ 178; Pl. 56.1
¶ 77. The law had an effective date of December 27, 2021. Pl. 56.1 ¶ 79. It is codified at New
York City Administrative Code § 20-563.7.
IV.
Procedural History
On September 15, 2021, DoorDash filed its complaint and moved for a preliminary
injunction. ECF Nos. 1, 5. On October 4, 2021, the parties stipulated that the City would not
enforce the Customer Data Law against DoorDash, and DoorDash withdrew its preliminaryinjunction motion. ECF No. 29. Uber Eats and Grubhub filed their actions on December 3 and
10, 2021, respectively, and the City agreed to stay enforcement. ECF Nos. 1, 15, No. 21 Civ.
10347; ECF Nos. 1, 19, No. 21 Civ. 10602. By order dated January 7, 2022, the Court
consolidated the three actions. ECF No. 43.
13
By joint stipulation dated January 4, 2024, Plaintiffs voluntarily dismissed their claims
pursuant to the Dormant Commerce Clause of the United States Constitution, the Due Process
Clauses of the United States and New York Constitutions, the Equal Protection Clauses of the
United States and New York Constitutions, and preemption pursuant to New York Civil Rights
Law §§ 50–51. ECF No. 157.
Before the Court are the parties’ cross-motions for summary judgment. Pl. Mot.; Def.
Mot.; see Pl. Mem., ECF No. 153 (redacted); Pl. Reply, ECF No. 181 (redacted); Def. Mem.,
ECF No. 171 (redacted); Def. Reply, ECF No. 192 (redacted). 6
LEGAL STANDARD
Summary judgment is appropriate when the record shows that there is no genuine dispute
as to any material fact and that the moving party is entitled to judgment as a matter of law. Fed.
R. Civ. P. 56(a); Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 247–48 (1986); Celotex Corp. v.
Catrett, 477 U.S. 317, 322–26 (1986). A genuine dispute exists “if the evidence is such that a
reasonable jury could return a verdict for the nonmoving party.” Anderson, 477 U.S. at 248.
The moving party initially bears the burden of informing the Court of the absence of a
genuine dispute of material fact by citing particular evidence in the record. Fed. R. Civ. P.
56(c)(1); Celotex, 477 U.S. at 323–24; Koch v. Town of Brattleboro, 287 F.3d 162, 165 (2d Cir.
2002). If the nonmoving party has the ultimate burden of proof at trial, the movant may also
satisfy its own summary judgment burden by demonstrating that the nonmovant cannot produce
admissible evidence that supports the existence of a triable issue of material fact. Celotex, 477
U.S. at 322–23; PepsiCo, Inc. v. Coca-Cola Co., 315 F.3d 101, 105 (2d Cir. 2002) (per curiam).
If the moving party meets its initial burden, the burden then shifts to the opposing party to
6
The Court addresses Plaintiffs’ sealing requests by separate order. See ECF No. 213.
14
establish a genuine dispute of material fact. Beard v. Banks, 548 U.S. 521, 529 (2006); PepsiCo,
315 F.3d at 105. “Although a party opposing summary judgment need not prove its evidence in
a form admissible at trial or under the evidentiary standard which will be required, it must show
facts sufficient to enable a reasonable mind to conclude that a material dispute
of fact exists.” Healy v. Chelsea Res. Ltd., 736 F. Supp. 488, 491–92 (S.D.N.Y. 1990) (citation
omitted). In deciding each cross-motion for summary judgment, the Court views the record in
the light most favorable to the nonmoving party. Koch, 287 F.3d at 165.
DISCUSSION
I.
First Amendment
“The First Amendment prohibits governmental abridgement of the freedom of speech.”
Commodity Futures Trading Comm’n v. Vartuli, 228 F.3d 94, 110–11 (2d Cir. 2000) (cleaned
up). “At the heart of the First Amendment lies the principle that each person should decide for
himself or herself the ideas and beliefs deserving of expression, consideration, and adherence.”
Turner Broad. Sys., Inc. v. FCC (Turner I), 512 U.S. 622, 641 (1994). Speech serves “the
pursuit of truth, the accommodation among interests, the achievement of social stability, the
exposure and deterrence of abuses of authority, personal autonomy and personality development,
[and] the functioning of a democracy.” Vartuli, 228 F.3d at 111. Freedom of speech is
“indispensable to the discovery and spread of political truth.” Whitney v. California, 274 U.S.
357, 375 (1927) (Brandeis, J., concurring).
Plaintiffs argue that the Customer Data Law infringes the First Amendment by requiring
them to furnish data to restaurants that they otherwise would not provide. The parties disagree as
15
to (1) whether the First Amendment is implicated at all; (2) if it is, what level of scrutiny the
Court should apply; and (3) whether the Customer Data Law passes muster. 7
A. Application of the First Amendment
The first question is whether the Customer Data Law “regulates ‘speech’ within the
meaning of the First Amendment.” Universal City Studios, Inc. v. Corley, 273 F.3d 429, 449–50
(2d Cir. 2001). The Court concludes that it does.
“‘Speech’ is an elusive term, and judges and scholars have debated its bounds for two
centuries.” Id. at 446. But, “the creation and dissemination of information are speech within the
meaning of the First Amendment.” Sorrell v. IMS Health, 564 U.S. 552, 570 (2011). “Even dry
information, devoid of advocacy, political relevance, or artistic expression, has been accorded
First Amendment protection.” Universal City, 273 F.3d at 446; see Rubin v. Coors Brewing Co.,
514 U.S. 476, 481 (1995) (“[I]nformation on beer labels constitutes commercial speech.”).
Sorrell, for example, involved a Vermont law that banned pharmacies from selling data
about physicians’ prescribing practices for drug-marketing purposes. Sorrell, 564 U.S. at 558–
59. When “data miners” and pharmaceutical manufacturers challenged the law on First
Amendment grounds, Vermont contended that the law implicated “conduct, not speech”—akin
to “a ban on the sale of cookbooks, laboratory results, or train schedules.” Id. at 570. The
Supreme Court disagreed, finding instead that there was “a strong argument that prescriber-
The City argues that Plaintiffs’ pre-enforcement First Amendment challenge must be construed as a facial
challenge. Def. Mem. at 32–33; Def. Reply at 6–8. The Court disagrees. The Supreme Court “has permitted preenforcement, as-applied challenges under the First Amendment.” Upsolve, Inc. v. James, 604 F. Supp. 3d 97, 108
(S.D.N.Y. 2022) (citing, inter alia, Holder v. Humanitarian L. Project, 561 U.S. 1, 14–16 (2010)). The Second
Circuit has stated that the Court should “adjudicate as-applied challenges before facial ones in an effort to decide
constitutional attacks on the narrowest possible grounds.” Kane v. De Blasio, 19 F.4th 152, 174 (2d Cir. 2021).
Although some Circuit precedent may seem to suggest that a pre-enforcement lawsuit must be construed as a facial
challenge, the Supreme Court “has eschewed any such bright line rule.” Upsolve, Inc., 604 F. Supp. 3d at 108.
Here, it is “more sensible to frame Plaintiffs’ challenge as an as-applied one,” as the constitutionality of the
Customer Data Law “can be adjudicated on the factual basis” of Plaintiffs’ specific product offerings and
agreements with merchants. Id.
7
16
identifying information is speech for First Amendment purposes.” Id. As the Court explained,
“[a]n individual’s right to speak is implicated when information he or she possesses is subjected
to ‘restraints on the way in which the information might be used’ or disseminated.” Id. at 568
(quoting Seattle Times Co. v. Rhinehart, 467 U.S. 20, 32 (1984)).
Under Sorrell, the Customer Data Law implicates speech. Customer data is information
within Plaintiffs’ possession. 8 And, the Customer Data Law restricts how Plaintiffs can use the
customer data they collect. Previously, when restaurants requested customer data from
Plaintiffs, they could decline to provide it. See Sommers Dep. at 148:4–149:10 (testifying that
). Under the Customer Data Law, Plaintiffs have only one option: They must provide
specific customer data in a machine-readable format at least once a month. See N.Y.C. Admin.
Code § 20-563.7(c).
As the State did in Sorrell, the City argues that the Customer Data Law regulates
Plaintiffs’ conduct, not their speech. It is true that “the First Amendment does not prevent
restrictions directed at commerce or conduct from imposing incidental burdens on speech.”
Sorrell, 564 U.S. at 567. But, this rule is applicable only when a restriction on speech is a
necessary byproduct of the government’s regulation of conduct. See Expressions Hair Design v.
Schneiderman, 581 U.S. 37, 47 (2017). If the City passed a law requiring Plaintiffs to treat all
restaurants equally, for example, and Plaintiffs chose to provide data to one restaurant, the law’s
nondiscrimination mandate could constitutionally require Plaintiffs to provide data to all
Of course, the individual diners know their own names, delivery addresses, phone numbers, email addresses, and
order contents. However, the Customer Data Law requires that the information be provided not by diners directly,
but by Plaintiffs. Pursuant to their privacy policies, Plaintiffs collect customer data for various uses. See Pl. 56.1
¶ 126; Def. 56.1 ¶¶ 566–68 (DoorDash); Pl. 56.1 ¶¶ 279–83 (Uber Eats); id. ¶¶ 560–61 (Grubhub). In the July 29
Report, the City recognizes this, writing that, when people place orders with Delivery Services, those companies
“take ownership of valuable customer information.’” Pl. 56.1 ¶ 127.
8
17
restaurants. Although the law would require speech, the speech would be incidental to the
regulation of conduct—treating all restaurants equally. See Rumsfeld v. F. for Acad. & Inst. Rts.,
Inc. (FAIR), 547 U.S. 47, 55, 60–62 (2006). Another example would be a requirement that
Plaintiffs ensure that each order is delivered safely. Although that law might require Plaintiffs to
speak to the restaurant, customer, and delivery person, that speech would be incidental to the
regulation of conduct. By contrast, the Customer Data Law directly regulates what Plaintiffs can
(indeed, must) “say” to the restaurants that use their services. See Expressions Hair Design, 581
U.S. at 47–48; Nat’l Inst. of Fam. & Life Advocs. v. Becerra (NIFLA), 585 U.S. 755, 770 (2018).
In other words, regulation of speech is the object—not an incidental byproduct—of the law. 9
The City next contends that the First Amendment is not implicated because Plaintiffs are
nothing more than passive intermediaries for diners’ speech. Def. Mem. at 33–36. By analogy,
the City relies on Restaurant Law Center v. City of New York, 360 F. Supp. 3d 192 (S.D.N.Y.
2019), which addressed a New York City law requiring fast-food employers—upon an
employee’s authorization—to deduct voluntary contributions from the employee’s paycheck and
send them to the nonprofit organization of the employee’s choosing. The district court rejected
the employers’ First Amendment challenge, reasoning that “an entity’s mere transmission of
others’ speech does not necessarily constitute speech of that entity.” Id. at 210. Although the
employers served as intermediaries, “they ha[d] no discretion as to the recipient of their
employees’ donations,” and their “act of sending a check to an employee’s designated non-profit
recipient” was a “mere ministerial act, not speech.” Id. at 212 (quotation marks omitted).
9
The City also argues that, unlike in Sorrell, customers have a contractual relationship with the restaurants from
which they order based on the New York Uniform Commercial Code. Def. Reply at 2–3. But this is a distinction
without a difference. The City does not, for example, point to a portion of the Code that requires the transmission of
customer data.
18
Unlike the employers in Restaurant Law Center, Plaintiffs are not mere transmitters of
information; they are more like brokers, making a market between the diner who is searching for
food and the restaurant who is searching for customers. Under Plaintiffs’ privacy policies,
individuals provide data to Plaintiffs with the understanding that Plaintiffs may disclose the
information to third parties. See Pl. 56.1 ¶ 126; Def. 56.1 ¶¶ 566–68 (DoorDash); Pl. 56.1
¶¶ 279–83 (Uber Eats); id. ¶¶ 560–61 (Grubhub). Because Plaintiffs exercise discretion over
who (if anyone) will receive customer data, they are not a mere ministerial mechanism for its
dissemination. Cf. Moody v. NetChoice, 144 S. Ct. 2383, 2406 (2024) (“The individual
messages may originate with third parties, but the larger offering is the platform’s. It is the
product of a wealth of choices about whether—and, if so, how—to convey posts having a certain
content or viewpoint.”); Volokh v. James, 656 F. Supp. 3d 431, 442 (S.D.N.Y. 2023) (“[A]
private entity has an ability to make choices about whether, to what extent, and in what manner it
will disseminate speech.” (citation omitted)); U.S. Telecom Ass’n v. FCC, 825 F.3d 674, 740
(D.C. Cir. 2016) (“[E]ntities that serve as conduits for speech produced by others receive First
Amendment protection . . . [when] the entities are not engaged in indiscriminate, neutral
transmission of any and all users’ speech[.]”).
The City argues that, under the Customer Data Law, diners consent to the disclosure of
their information to the restaurant, which makes it the customers’ speech. But, that is not how
the law is designed. Rather than requiring a person to agree to transmit her data to the
restaurants, the Presumed Consent Provision accepts as true that customers agree to disclose their
data—and transmits their information without any action by the customer. N.Y.C. Admin. Code
§ 20-563.7(b). That is, the Customer Data Law “presume[s]” that customers would like to share
their data, then obligates Plaintiffs to carry out the speech act. Id. Crucially for First
19
Amendment purposes, this configuration involves no “expressive” act by the customers
themselves. See Moody, 144 S. Ct. at 2393 (providing First Amendment protection to social
media platforms “[t]o the extent that [they] create expressive products”); U.S. Telecom Ass’n,
825 F.3d at 742 (examining the “communicative intent of the individual speakers” to determine
whether an entity is acting as its conduit); cf. Riley v. Nat’l Fed’n for the Blind of N.C., Inc., 487
U.S. 781, 791 (1988) (“[T]he government, even with the purest of motives, may not substitute its
judgment as to how best to speak for that of speakers and listeners.”).
In sum, when the Customer Data Law requires that Delivery Services send customer data
to restaurants, it compels speech that falls within the First Amendment’s protection.
B. Level of Review
1. “Genre” of Speech
“[N]ot all speech is of equal First Amendment importance.” Dun & Bradstreet, Inc. v.
Greenmoss Builders, Inc., 472 U.S. 749, 758 (1985). Therefore, the Court must next “determine
the level of scrutiny that applies to the regulation of protected speech at issue.” United States v.
Kokinda, 497 U.S. 720, 725 (1990). To do so, the Court first considers the “genre of speech
involved.” Safelite Grp., Inc. v. Jepsen, 764 F.3d 258, 261 (2d Cir. 2014). On one end of the
spectrum, speech regarding “matters of public concern” lies “at the heart of the First
Amendment’s protection.” First Nat’l Bank of Bos. v. Bellotti, 435 U.S. 765, 776 (1978) (citing
Thornhill v. Alabama, 310 U.S. 88, 101 (1940)). On the other end, certain “well-defined and
narrowly limited” categories of speech—including obscenity, defamation, fraud, incitement, and
speech integral to criminal conduct—are entirely unprotected. United States v. Stevens, 559 U.S.
460, 468–69 (2010) (quoting Chaplinsky v. New Hampshire, 315 U.S. 568, 571–72 (1942)). In
the middle is commercial speech, which enjoys “a limited measure of protection, commensurate
20
with its subordinate position in the scale of First Amendment values.” Ohralik v. Ohio State Bar
Ass’n, 436 U.S. 447, 456 (1978). The City argues that the Customer Data Law regulates
commercial speech; Plaintiffs contend that it regulates “non-commercial speech.” Pl. Mem. at
28. The Court agrees with the City.
Commercial speech is “expression related solely to the economic interests of the speaker
and its audience.” Cent. Hudson Gas & Elec. Corp. v. Pub. Serv. Comm’n of N.Y., 447 U.S. 557,
560–61 (1980). The “core notion of commercial speech” is “speech which does no more than
propose a commercial transaction,” like an advertisement or proposal of employment. Bolger v.
Youngs Drug Prods. Corp., 463 U.S. 60, 66 (1983) (quotation marks and citation omitted); see
Vugo, Inc. v. City of New York, 931 F.3d 42, 48–50 (2d Cir. 2019); Centro de la Comunidad
Hispana de Locust Valley v. Town of Oyster Bay, 868 F.3d 104, 112 (2d Cir. 2017). The
Customer Data Law does more: It requires Plaintiffs to convey information that is not part of an
advertisement and does not by itself “propose a commercial transaction.” Bolger, 463 U.S. at 66.
Therefore, it does not fall neatly within the “core” of commercial speech. Bolger, 463 U.S. at
66.
But, courts have viewed the core notion as “a starting point” and have tried to give effect
to “a ‘common-sense distinction’ between commercial speech and other varieties of speech.”
Jordan v. Jewel Food Stores, Inc., 743 F.3d 509, 516–17 (7th Cir. 2014) (quoting Ohralik, 436
U.S. at 455–56); accord Ariix, LLC v. NutriSearch Corp., 985 F.3d 1107, 1115 (9th Cir. 2021);
Boelter v. Hearst Commc’ns, Inc., 192 F. Supp. 3d 427, 445 (S.D.N.Y. 2016). The Second
Circuit examines the “overall ‘nature’ and ‘effect’” of the speech, Conn. Bar Ass’n v. United
States, 620 F.3d 81, 95 (2d Cir. 2010) (quoting Riley, 487 U.S. at 796), including whether the
statement is made “in the context of [a] commercial transaction[],” Bolger, 463 U.S. at 68; see
21
also N.Y. State Ass’n of Realtors, Inc. v. Shaffer, 27 F.3d 834, 840 (2d Cir. 1994); Grocery Mfrs.
Ass’n v. Sorrell, 102 F. Supp. 3d 583, 627–28 (D. Vt. 2015).
Here, the compelled disclosure of customer data occurs “in the context of [a] commercial
transaction[].” Bolger, 463 U.S. at 68. Plaintiffs agree that customer data is economically
valuable to them—something that they
Sommers Dep. at 146:7–
10, 148:2–3; Pl. 56.1 ¶¶ 215–16; Gildersleeve Dep. at 14:6, 68:21–69:4. And, the July 29 Report
states that customer data is important to restaurants so that they can more effectively market and
make business decisions. Def. 56.1 ¶¶ 173, 175–77; see also Pl. 56.1 ¶ 22; cf. U.S. West, Inc. v.
FCC, 182 F.3d 1224, 1232 (10th Cir. 1999) (examining the speaker’s ultimate use of data—
there, for marketing—in determining the First Amendment interests that attached to the speech).
The “combination of [] these characteristics” supports the conclusion that the disclosure of
customer data is “properly characterized as commercial speech.” 10 Bolger, 463 U.S. at 67.
2. Rational Basis, Intermediate Scrutiny, or Strict Scrutiny
Having concluded that the speech compelled by the Customer Data Law is commercial
speech, the Court next determines what level of review it must apply to the law: rational basis,
intermediate scrutiny, or strict scrutiny.
Regulations of commercial speech are generally subject to the intermediate-scrutiny test
set forth in Central Hudson: “Commercial speech that is not false or deceptive and does not
concern unlawful activities . . . may be restricted only in the service of a substantial
governmental interest, and only through means that directly advance that interest.” Safelite, 764
F.3d at 261 (citation omitted). But, both the City and Plaintiffs argue that intermediate scrutiny
To the extent that Plaintiffs argue the speech is noncommercial because it involves the public interest, the Court
disagrees. In all but the most fringe cases, customer data is anodyne and “solely in the individual interest of the
speaker and its specific business audience.” Dun & Bradstreet, 472 U.S. at 762; accord Trans Union Corp. v. FTC,
245 F.3d 809, 818 (D.C. Cir. 2001).
10
22
is inappropriate. The City argues for a more lenient test, and Plaintiffs argue for a more stringent
test.
The City contends that the Court should apply a rational basis review based on Zauderer
v. Office of Disciplinary Counsel, 471 U.S. 626, 651 (1985), which created an exception to
intermediate scrutiny for commercial speech involving only a mandated “informational
disclosure” (as opposed to a “prohibition on speech”). Safelite, 764 F.3d at 262; see Def. Mem.
at 38–40. In Zauderer, the Supreme Court examined an Ohio rule that required attorneys
advertising their contingency-fee services to disclose that “the client may have to bear certain
expenses even if he loses.” 471 U.S. at 650. In upholding the rule, the Court noted that the
required disclosure involved “purely factual and uncontroversial information about the terms
under which [the attorney’s] services will be available.” Id. at 651. Because the attorney had a
“minimal” constitutionally protected interest in withholding that information from potential
clients, the regulation was subject to rational-basis review. Id.
The Court is not persuaded that Zauderer applies. In Zauderer, the Supreme Court was
concerned that the public could be misled by trickily worded attorney advertisements and found
that the required disclosures served a helpful corrective purpose. Id. at 652–53. Here, by
contrast, the compelled disclosure is made not to the general public, but to Plaintiffs’
competitors—the restaurants. 11 The disclosure, therefore, does not serve the public
informational interest that animated Zauderer. Nor does the disclosure concern merely the
The City argues that the Delivery Services and restaurants are partners, not competitors, but it is indisputable that
there are competitive aspects to the Delivery Service-restaurant relationship. Indeed, in the June 8 and July 29
Reports, the City made clear that part of the reason it sought to give restaurants access to customer data was to
enable them to leave Plaintiffs’ platforms. See Healy 30(b)(6) Dep. at 17:6–13 (testifying that restaurants could “cut
[Grubhub] out”); Gildersleeve Dep. at 68:21–69:4 (testifying that
”); Pl. 56.1 ¶ 35 (New York City Hospitality Alliance representative
testifying that customer data was “needed to make the ability to leave a third party provider meaningful”).
11
23
“terms under which [Plaintiffs’] services will be available”; rather, it reflects data collected by
Plaintiffs in the course of their services. Id.; cf. Safelite, 764 F.3d at 264 (noting that Zauderer
does not apply to compelled speech “that goes beyond the speaker’s own product or service”).
Therefore, the Court shall not apply Zauderer’s rational-basis review.
Plaintiffs, on the other hand, contend that, the “nature of the law” should trigger strict
scrutiny, not intermediate scrutiny. See Safelite, 764 F.3d at 261; Pl. Mem. at 28–31. Although
Plaintiffs are correct that government action evincing an improper purpose compels a higher
level of scrutiny, the Court “need not decide the issue” of whether strict or intermediate scrutiny
applies. Evergreen Ass’n v. City of New York, 740 F.3d 233, 245 (2d Cir. 2014). For the reasons
set forth below, the Customer Data Law cannot withstand even intermediate scrutiny.
C. Application of Intermediate Scrutiny
1. Legal Standard
The government can freely regulate commercial speech that concerns unlawful activity or
is misleading. Central Hudson, 447 U.S. at 566. But where, as here, the information does not
fall into those two categories, courts apply a balancing test to determine whether a commercialspeech regulation passes intermediate scrutiny. Id. Courts inquire into (1) “whether the asserted
governmental interest is substantial,” (2) “whether the regulation directly advances the
governmental interest asserted,” and (3) “whether [the regulation] is not more extensive than is
necessary to serve that interest.” Id. The components of the test are “to a certain extent,
interrelated.” Greater New Orleans Broad. Ass’n v. United States, 527 U.S. 173, 183–84 (1999).
To evaluate whether an interest is substantial, the Court must “evaluate the City’s
asserted goal in enacting the regulation.” Vugo, Inc., 931 F.3d at 51; see Edenfield v. Fane, 507
U.S. 761, 768 (1993) (“[T]he Central Hudson standard does not permit [the Court] to supplant
24
the precise interests put forward by [the government] with other suppositions.”). “When the
[g]overnment defends a regulation on speech as a means to redress past harms or prevent
anticipated harms, it must do more than simply posit the existence of the disease sought to be
cured.” Turner I, 512 U.S. at 664 (quotation marks and citation omitted). Intermediate scrutiny
requires that the state “demonstrate that the harms it recites are real.” Rubin, 514 U.S. at 487.
Next, the City must demonstrate that “the speech restriction directly and materially
advances the asserted governmental interest” and “will in fact alleviate [the harms identified by
the City] to a material degree.” Greater New Orleans, 527 U.S. at 188. “[T]he regulation may
not be sustained if it provides only ineffective or remote support for the government’s purpose.”
Central Hudson, 447 U.S. at 564.
“The last step of the Central Hudson test complements the [prior] step, asking whether
the speech restriction is not more extensive than necessary to serve the interests that support it.”
Lorillard Tobacco Co. v. Reilly, 533 U.S. 525, 556 (2001) (cleaned up). The fit need not be
“perfect, but reasonable; that represents not necessarily the single best disposition but one whose
scope is in proportion to the interest served.” Bd. of Trs. of the State Univ. of N.Y. v. Fox, 492
U.S. 469, 480 (1989) (quotation marks and citation omitted).
2. Application
The City argues that it has a substantial interest in protecting the restaurant industry—“a
critical sector of the New York City economy”—from the “exploitive practices” of Delivery
Services. Def. Mem. at 45. The Customer Data Law seeks to “strike the right balance and
equity between those that hold the information and those that supply the goods and services.” Id.
at 41 (quoting Def. 56.1 ¶¶ 71–72).
Courts have held that “promoting a major industry that contributes to the economic
25
vitality of the [locality] is a substantial government interest.” Edwards v. District of Columbia,
755 F.3d 996, 1002 (D.C. Cir. 2014) (citing Smith v. City of Ft. Lauderdale, 177 F.3d 954, 955–
56 (11th Cir. 1999)); Ctr. for Bio-Ethical Reform, Inc. v. City & Cnty. of Honolulu, 455 F.3d
910, 922 (9th Cir. 2006)). Society has an “interest in maintaining the small businesses necessary
for functioning neighborhoods.” Melendez v. City of New York, 16 F.4th 992, 1037 (2d Cir.
2021). And, “the Government’s interest in eliminating restraints on fair competition is always
substantial.” Turner I, 512 U.S. at 664. But, the City cannot simply “posit the existence of the
disease sought to be cured”; it must demonstrate that the harms exist, that the regulation posed
addresses those harms, and that the regulation is tailored to those harms. Id.
The City identifies three allegedly “exploitive” practices. First, Delivery Services “limit
the ability of restaurants to retain data on their own customers,” which hampers restaurants’
ability to “reach out to their loyal customers” and “assess menu items’ popularity.” Def. Mem.
at 42–43 (quoting June 8 Report at NYC_0002187–88). 12 Second, Delivery Services may use a
restaurant’s customer data to promote competitor restaurants that pay the services higher fees, or
to establish virtual restaurants that sell meals solely on the platform. Id. at 43. Third, Delivery
Services “list[] false information about a restaurant (for example, listing it as closed), in order to
direct traffic to a restaurant paying higher commissions and fees.” Id. (quoting July 29 Report at
NYC_0002235).
The Court shall begin with the latter two practices identified by the City. Although the
City has explained why these practices harm restaurants and has established a substantial interest
in regulating them, it has not provided evidence that the Customer Data Law will in fact affect
The City does not contend that Plaintiffs restrict a restaurant’s ability to retain data about orders that they take
outside of Plaintiffs’ platforms. Regarding the orders on Plaintiffs’ platforms, it is more accurate to say that
Plaintiffs do not provide restaurants with all five categories of “customer data,” as defined by the Customer Data
Law, rather than that they bar restaurants from retaining data.
12
26
the objectionable practices. The City states, “[I]t is undisputed that the [Customer Data] Law
does not restrict Plaintiffs’ use of customer data (such as using the data to provide delivery or
marketing services).” Def. Reply at 40. Therefore, Plaintiffs may continue to use customer data
to promote competitors. And, the Customer Data Law does not aim at false or misleading
statements made by Plaintiffs, even though Central Hudson permits such regulation of
commercial speech. The only effect that the Customer Data Law could have on these two
practices is to make it more desirable for restaurants, now equipped with data that they could use
to target customers, to leave Plaintiffs’ platforms. But, even that has a “remote” connection to
these practices, Central Hudson, 447 U.S. at 564, because restaurants can leave Plaintiffs’
platforms now, see Def. 56.1 ¶ 439 (DoorDash); Pl. 56.1 ¶¶ 383–84, 466 (Uber Eats); id. ¶¶ 600–
01 (Grubhub), and Plaintiffs could continue these practices with whatever restaurants choose not
to leave the platforms.
In IMS Health, Inc. v. Sorrell, 630 F.3d 263, 275–76 (2d Cir. 2010), aff’d, 564 U.S. 552
(2011), the Second Circuit examined the Vermont statute (discussed supra at 16–17) that
prohibited the sale of prescriber-identifiable health data for drug marketing purposes. Vermont
asserted an interest in “protecting the privacy of prescribers and prescribing information.” Id. at
275. Because prescriber data could be sold for non-marketing purposes, the Circuit construed
Vermont’s asserted interest as a twofold “interest in the integrity of the prescribing process itself,
and . . . an interest in preserving patients’ trust in their doctors.” Id. at 276. But, the Circuit
faulted Vermont for failing to “show[] any effect” on these two interests “from the use of
[prescriber-identifiable data] in marketing.” Id. The evidence that Vermont put forth was either
“speculative” or “merely indicate[d] that some doctors do not approve” of the use of prescriber-
27
identifiable data in marketing. Id. Therefore, the Circuit rejected the “medical privacy” interest
as “too speculative to qualify as a substantial state interest under Central Hudson.” Id.
The City’s evidence is similarly flawed. The July 29 Report states that restaurants could
use customer data to “offer promo codes, discounts, and new menu items” and “assess the
popularity of menu items.” Def. 56.1 ¶¶ 176–77. But, Plaintiffs currently provide marketing
tools—with solicited listings, promotions, and other forms of advertising—that permit
restaurants to reach out to the customers who place orders through their platforms. E.g., Pl. 56.1
¶¶ 112, 484, 487, 492–93, 544(c). Plaintiffs also provide data analytics that permit restaurants to
understand the performance of menu items. Id. ¶¶ 111, 149, 481–82, 491, 544(c).
The City’s July 29 Report also claims that Plaintiffs’ restrictions on data leave restaurants
with no records regarding repeat customers. Def. 56.1 ¶ 168. But, the City has failed to show
the effect of this practice on the strength of the restaurant industry. According to the City, the
practice affects restaurants because “80% of [them] are small and employ less than 20
employees,” and they “continue to weather the effects of the COVID-19 pandemic.” Def. Mem.
at 43; see Def. 56.1 ¶¶ 156, 159. The City does not explain why the size of the restaurants and
the fact that they remain affected by COVID-19 make it more likely that withholding customer
data will harm the restaurant industry as a whole. The City does not dispute that Plaintiffs
provide restaurants with access to customers and orders that they may not otherwise have. Pl.
56.1 ¶¶ 109–10, 277. Certain of Plaintiffs’ advertising tools permit outreach to individual
customers that have previously interacted with the restaurants. Id. ¶¶ 142–43, 482–85. And,
Plaintiffs—through their Storefront, Webshop, and Grubhub Direct products—provide
restaurants with back-end support for building their own websites and owning their customer
data. Id. ¶¶ 173–75, 432, 566. Accordingly, the City’s claim that the Delivery Services’ practice
28
of withholding data is exploitative is “too speculative to qualify as a substantial state interest.”
IMS Health, 630 F.3d at 276. 13
The City may prefer that restaurants have access to customer data, but a mere preference
for one industry over another is not a substantial state interest. See Safelite, 764 F.3d at 264
(noting that speech that serves “covertly protectionist” goals by “protecting existing businesses”
over competitors is disfavored under the First Amendment).
Even if the Court were to find that the City has a substantial interest in ensuring that
restaurants obtain data about customers who order food, it has not demonstrated that the
Customer Data Law is appropriately tailored to this goal. Under Central Hudson, the Second
Circuit has required that the government offer some empirical evidence that there is a “fit”
between a speech restriction and the “degree of the harm” it aims to redress. N.Y. State Ass’n of
Realtors, 27 F.3d at 844 (emphasis omitted). The Customer Data Law mandates that Plaintiffs
hand over specific customer data within their possession. Less restrictive alternatives to promote
the same goal include requiring Plaintiffs to offer an opt-in program for customers to send their
data to restaurants, providing financial incentives to encourage Delivery Services to provide
certain customer data to restaurants, and subsidizing the development of online ordering
platforms for individual restaurants. 14 See Pl. Mem. at 32–33. The City has not demonstrated
“The [s]tate’s interest in protecting consumers from ‘commercial harms’ [] provides ‘the typical reason why
commercial speech can be subject to greater governmental regulation than noncommercial speech.’” 44 Liquormart,
Inc. v. Rhode Island, 517 U.S. 484, 502 (1996) (quoting Cincinnati v. Discovery Network, Inc., 507 U.S. 410, 426
(1993)). But, the City has not asserted an interest in consumer protection, and the Court must assess the City’s
stated interests, not hypothetical ones. Edenfield, 507 U.S. at 768.
13
The City could also enact more targeted regulations to address more specific goals. For example, if the City
wanted to ensure that restaurants had a record of repeat customers, the City could seek to regulate how Plaintiffs’
platforms integrate external customer loyalty programs. If the City were concerned about the fees that Plaintiffs
were charging for advertising on their platforms, it could seek to regulate such fees. And, if the City were concerned
about Delivery Services misleading restaurants about who owned the customer data, it could seek to regulate that
specific practice.
14
29
that an incentive-based program or more fine-tuned regulation would be ineffective, and
compelling Delivery Services to disclose customer data is incommensurate with the identified
harm.
Because the Customer Data Law regulates commercial speech but fails intermediate
scrutiny, it violates the First Amendment. Accordingly, the Court GRANTS Plaintiffs’ motion
for summary judgment and DENIES Defendant’s cross-motion for summary judgment.
II.
Remaining Claims
The Court’s decision on the First Amendment claim prohibits the City from enforcing the
Customer Data Law against Plaintiffs and, therefore, provides Plaintiffs with the ultimate relief
they seek. “[I]f it is not necessary to decide more to dispose of a case, then it is necessary not to
decide more.” Trump v. Anderson, 601 U.S. 100, 118 (2024) (Sotomayor, Kagan, and Jackson,
J.J., concurring in judgment) (citation omitted). And, the remaining claims present questions of
constitutional and state law, where the Court should be particularly careful not to issue advisory
opinions. See Allstate Ins. Co. v. Serio, 261 F.3d 143, 149–50 (2d Cir. 2001) (“It is axiomatic
that the federal courts should, where possible, avoid reaching constitutional questions.”); Young
v. N.Y.C. Transit Auth., 903 F.2d 146, 163–64 (2d Cir. 1990) (“[N]eedless decisions of state law
should be avoided both as a matter of comity and to promote justice between the parties, by
procuring for them a surer-footed reading of applicable law.” (quoting United Mine Workers of
Am. v. Gibbs, 383 U.S. 715, 726 (1966))). The remaining claims are, therefore, DENIED as
moot.
30
CONCLUSION
For the foregoing reasons, Plaintiffs’ motion for summary judgment on the First
Amendment claim is GRANTED, and the City’s cross-motion for summary judgment on the
First Amendment claim is DENIED. On the remaining claims, Plaintiffs’ motion and the City’s
cross-motion are DENIED as moot. By October 7, 2024, the parties shall file a proposed
judgment in accordance with this order.
The Clerk of Court is respectfully directed to terminate the motions at ECF Nos. 146 and
163 in docket No. 21 Civ. 7695; ECF Nos. 100, 114, 131, and 142 in No. 21 Civ. 10347; and
ECF Nos. 117, 148, and 159 in No. 21 Civ. 10602.
SO ORDERED.
Dated: September 24, 2024
New York, New York
31
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
