Restaurant patrons who’ve grown accustomed during the pandemic to whipping out their phones to access menus using QR codes should understand the implications for their personal data, say privacy and cyber-security experts.
That’s especially important given some restaurant owners are finding electronic menus efficient and cost effective, and that they may hold onto the practice even after COVID-19 is more contained.
It’s not the QR code itself that collects customer data, said Dustin Moores, a privacy lawyer with nNovation LLP in Ottawa.
“What the QR code does is it sort of acts as a web link to a web page. So when you scan a QR code on your phone, in all likelihood it is going to send you to either the restaurant’s website, or to the website of a service provider that’s being used by the restaurant,” he told Cost of Living producer Jennifer Keene.
“What’s happening is we’re replacing a very sort of innocuous object, a restaurant menu, with a website that comes with all the sort of tracking technologies that you see in modern e-commerce today.”
A marketing device
Bringing up an online menu on your phone doesn’t mean you’re handing data such as your birth date and banking details to bad actors on the internet.
The more immediate implication is that it gives your local pub, or the platform they use, new knowledge of your behaviours and preferences that it can use to better sell to you.
“If you’re a returning customer to to one of these restaurants that use the QR code technology, they might be able to say, ‘Hey, we know that Jennifer ordered the Caesar salad last time; let’s put it at the top of our menu this time because we know that she likes it,'” said Moores.
The restaurant could also use the information it has gathered to upsell customers, such as suggesting the customer add chicken to that salad, he said. Ot it could try to influence your choices by offering a discount on the dish you enjoyed last…