Opinion
21 Civ. 7695 (AT) 21 Civ. 10347 (AT) 21 Civ. 10602 (AT)
09-24-2024
DOORDASH, INC., Plaintiff, v. CITY OF NEW YORK, Defendant. PORTIER, LLC, Plaintiff, v. CITY OF NEW YORK, Defendant. GRUBHUB INC., Plaintiff, v. CITY OF NEW YORK, Defendant.
OPINION AND ORDER
ANALISA TORRES, DISTRICT JUDGE:
When a diner orders food from a restaurant using the online platform of a third-party food delivery service (“Delivery Service”), the restaurant generally receives only the individual's first name, the first initial of her surname, and the order's contents-the minimum information required to fulfill the order. In August 2021, in an effort to support local restaurants that use Delivery Services, Defendant, the City of New York (the “City”), enacted Local Law No. 2021/090 (the “Customer Data Law”). The Customer Data Law requires that Delivery Services provide restaurants with a diner's full name, email address, phone number, delivery address, and order contents.
Plaintiffs, DoorDash, Inc. (“DoorDash”), Portier, LLC (“Uber Eats”), and Grubhub, Inc. (“Grubhub”), are Delivery Services. In these consolidated actions, they argue that the Customer Data Law violates three provisions of the United States Constitution: (1) the First Amendment, U.S. Const. amend. I, (2) the Takings Clause of the Fifth Amendment, id. amend. V, and (3) the Contract Clause, id. art. I, § 10. Plaintiffs also contend that the Customer Data Law exceeds the City's police powers in violation of N.Y. Const. art. IX, § 2(c). The City agreed to stay enforcement of the law against Plaintiffs pending resolution of this action. ECF No. 29. The parties now cross-move for summary judgment. Pl. Mot., ECF No. 146; Def. Mot., ECF No. 163.
Unless otherwise noted, all citations are to the docket in DoorDash v. City of New York, No. 21 Civ. 7695.
For the reasons stated below, Plaintiffs' motion is GRANTED as to their First Amendment claim. The City's cross-motion for summary judgment on the First Amendment claim is DENIED. On the remaining claims, Plaintiffs' motion and the City's cross-motion are DENIED as moot.
The Court shall not decide the remainder of the claims.
The facts in this section are taken from the parties' Rule 56.1 statements, responses, and declarations, unless otherwise noted. Disputed facts are so noted. Citations to a paragraph in a Rule 56.1 statement also include the opposing party's response. “[W]here there are no citations[,] or where the cited materials do not support the factual assertions in the [s]tatements, the Court is free to disregard the assertion.” Holtz v. Rockefeller & Co., 258 F.3d 62, 73 (2d Cir. 2001) (alteration omitted). On a motion for summary judgment, the facts must be read in the light most favorable to the nonmoving party. Id. at 69.
I. The Customer Data Law
On July 29, 2021, the New York City Council passed the bill that would become the Customer Data Law. N.Y.C. Int. No. 2311-A; see Pl. 56.1 ¶¶ 5, 75, ECF No. 165. After then-Mayor Bill DeBlasio did not approve the bill or return it with objections within 30 days, it became law, with an effective date of December 27, 2021. N.Y.C. Admin. Code § 20-563.7 (enacted pursuant to N.Y.C. Local Law No. 2021/090); see Def. 56.1 ¶ 178, ECF No. 182; Pl. 56.1 ¶¶ 77, 79.
The Customer Data Law permits a restaurant to “request customer data from a [Delivery Service],” and “[u]pon such a request,” the Delivery Service is obligated to furnish it (the “Restaurant Request Provision”). N.Y.C. Admin. Code § 20-563.7(a). “Customer data,” as defined by the law, consists of five data points for each customer who places an online order: (1) name, (2) telephone number, (3) email address, (4) order delivery address, and (5) order contents. Id. § 20-563. The Delivery Service is required to supply the data “in a machine-readable format, disaggregated by customer, on an at least monthly basis” (the “Machine Readability Provision”). Id. § 20-563.7(c).
The Delivery Service is barred from providing the data if the customer requests that it not be shared (the “Opt-Out Provision”). Id. § 20-563.7(b). However, the Customer Data Law presumes that a diner consents to the disclosure of such information unless she specifically indicates otherwise (the “Presumed Consent Provision”). Id.
A Delivery Service is not allowed to limit a restaurant's ability to download and retain consumer data or the restaurant's use of it for marketing or other purposes (the “Marketing Provision”). Id. § 20-563.7(c). However:
Food service establishments that receive customer data pursuant to this section shall not sell, rent, or disclose [] customer data to any other party in exchange for financial benefit, except with the express consent of the customer from whom the customer data was collected; shall enable a customer to withdraw their consent to use of their data by the food service establishment; and shall delete . . . customer data upon request by a customer.Id. § 20-563.7(d) (the “Consent Withdrawal Provision”).
II. Plaintiffs
Plaintiffs are technology companies that connect individuals who place orders, restaurants that provide food, and delivery persons who deliver orders from restaurants to diners. Pl. 56.1 ¶¶ 91-92 (DoorDash); Id. ¶ 256 (Uber Eats); Id. ¶ 540 (Grubhub); see Def. 56.1 ¶ 606. Each is a Delivery Service under the Customer Data Law and is subject to monetary penalties for noncompliance. Pl. 56.1 ¶¶ 263, 609; see N.Y.C. Admin. Code §§ 20-563.10 to -563.12.
Plaintiffs work with both small and medium businesses (“SMBs”) and regional, national, and global chains, known as enterprise merchants (“Enterprises”). Pl. 56.1 ¶¶ 162-63, 376, 378, 550. As of April 30, 2023, DoorDash had contracts with about [Redacted] restaurants and had approximately [Redacted] customers in New York City. Id. ¶¶ 131, 161. Uber Eats has contracts with approximately [Redacted] SMBs and [Redacted] Enterprises. Id. ¶¶ 382, 437. Grubhub works with approximately 23,000 restaurants in New York City. Id. ¶ 540. Restaurants choose to use Plaintiffs' platforms in order to reach both new and existing customers. Id. ¶¶ 10910, 277. Restaurants can terminate their relationships with Plaintiffs at will. See Def. 56.1 ¶ 439 (DoorDash); Pl. 56.1 ¶¶ 383-84 (Uber Eats); Id. ¶¶ 600-01 (Grubhub).
A. Plaintiffs' Practices Regarding Data Collection
Plaintiffs offer restaurants various products. The first, which each calls “Marketplace,” allows a restaurant to appear on Plaintiffs' web and mobile platforms. Pl. 56.1 ¶¶ 94, 265, 549. The second provides back-end support for the restaurant's own website; DoorDash calls this Storefront, Uber Eats calls this Webshop, and Grubhub calls this Grubhub Direct. Id. ¶¶ 101, 269, 545. The third offers delivery services for restaurants who receive their own orders; DoorDash calls this Drive, and Uber Eats calls this Uber Direct. Id. ¶¶ 105-06, 279.
This case concerns the first product. Through Plaintiffs' Marketplace products, individuals order food through Plaintiffs' platforms to be prepared by a restaurant. Id. ¶¶ 95, 265, 549. Couriers that have agreements with Plaintiffs deliver food orders from the restaurant to the diners. Id. ¶¶ 97, 265, 549. Customers can also pick up orders from a restaurant's physical location, or restaurants can use their own workers to deliver the orders. Id. ¶¶ 98-99, 267-68, 549.
For DoorDash's Drive and Storefront, diners share their data directly with restaurants. Pl. 56.1 ¶¶ 172, 181-82. In Drive, the restaurant receives the order and discloses certain information to DoorDash to facilitate delivery. Id. ¶¶ 181-83. In Storefront, DoorDash hosts the data on its restaurant portal but does not consider itself to own the data. Def. 56.1 ¶ 528; Pl. 56.1 ¶¶ 173-75. If the order is received through Uber Eats' Webshop, the restaurant can obtain the customer's full name and email address if the individual opts in. Pl. 56.1 ¶¶ 427-28. If the order is placed through Uber Direct, the restaurant provides the individual's data to Uber Eats. Id. ¶ 432. If the diner orders through Grubhub Direct, she is “the restaurant's customer, not Grubhub's,” and the information belongs to the restaurant. Id. ¶ 566.
For Marketplace orders, the diner sends data to Plaintiffs directly. Id. ¶ 186; see Id. ¶¶ 304, 564-65. People who sign up for or order through Marketplace agree to Plaintiffs' privacy policies. Id. ¶¶ 124-26; Def. 56.1 ¶¶ 555-56, 561 (DoorDash); Pl. 56.1 ¶¶ 278, 302 (Uber Eats); Id. ¶ 556 (Grubhub). The privacy policies set forth how Plaintiffs will collect, use, and disclose customer data. Pl. 56.1 ¶¶ 125, 126, 279-80; Def. 56.1 ¶¶ 559. For example, Uber Eats' privacy policy states that it will use the data to personalize services, track deliveries, enable dynamic pricing, offer customer support, market its services, and supply anonymized data analytics to restaurants. Pl. 56.1 ¶¶ 284-89. The policy states that it “may share user data” with a variety of specified providers, including social media companies, research partners, payment processors, and Google. Id. ¶ 307. Otherwise, Uber Eats will not furnish the information absent diner consent. Id. ¶ 308. DoorDash and Grubhub's privacy policies are materially identical with regard to how they use and disclose an individual's personal information. Def. 56.1 ¶¶ 567-70 (DoorDash); Pl. 56.1 ¶¶ 560-61 (Grubhub).
The policies also permit Plaintiffs to collect additional data about the diner, including information from advertising partners and payment and analytics providers, and-with the customer's consent-location data and information from social media accounts. Def. 56.1 ¶ 566 (DoorDash); Pl. 56.1 ¶ 281 (Uber Eats); Id. ¶ 558 (Grubhub).
B. Plaintiffs' Practices Regarding Customer Data
When a restaurant receives an order through the Marketplace products, the restaurant obtains only the customer's first name, the first initial of her surname, and her order contents- the “minimum amount of information required to fulfil[l] the order.” Pl. 56.1 ¶¶ 191, 203, 427, 500, 567. If the restaurant elects the self-delivery option, Plaintiffs provide the delivery address and phone number. Id. ¶¶ 196, 505, 567. Restaurants agree to use the data “for the sole purpose of fulfilling applicable customer orders.” Def. 56.1 ¶ 483; Pl. 56.1 ¶¶ 502, 567.
DoorDash has also provided two other Enterprise restaurants with a customer's full name, email address, and order information so that those Enterprises could “link [their] existing customer rewards program to orders placed by customers through the Marketplace.” Def. 56.1 ¶¶ 511, 515-16; see id. ¶¶ 518-19 (offering the option to two other merchants).
Certain Enterprises have negotiated different terms with Plaintiffs. For example, DoorDash supplies additional categories of data-specifically, a full name and email address-to five Enterprises which have executed agreements with “opt-in data-sharing contractual provisions.” Pl. 56.1 ¶ 206; Def. 56.1 ¶ 499). DoorDash has offered other merchants a future opportunity to do opt-in data sharing. Def. 56.1 ¶¶ 507-08.5 Brian Sommers, DoorDash's director of sales compliance and international sales strategy, testified that [Redacted] Sommers Dep. at 20:3-5, 148:4-149:10, ECF No. 149-14; see Pl. 56.1 ¶ 214. Sommers said that DoorDash [Redacted] [Redacted] Sommers Dep. at 146:7-10, 148:2-3; Pl. 56.1 ¶¶ 215-16.
Uber Eats often negotiates marketing terms in its Enterprise agreements, including [Redacted] Pl. 56.1 ¶¶ 438, 440. Jordan Gildersleeve, head of global delivery partnerships at Uber, testified that [Redacted] Gildersleeve Dep. At 14:6, 68:21-69:4, ECF No. 151-55. Aaron Cohen, the head of operations for delivery in New York and New Jersey for Uber, testified [Redacted] Cohen Dep. at 15:6-7, 47:22-48:1, ECF No. 150-54; see Pl. 56.1 ¶ 444. Gildersleeve testified that Uber Eats [Redacted] Gildersleeve Dep. at 70:24-71:9; see Pl. 56.1 ¶ 447. Only Enterprise restaurants have been offered data sharing because, to Gildersleeve's knowledge, SMBs have not “been able to bring that type of value that we would be willing to offer that to them.” Gildersleeve Dep. at 70:3-12.
When Uber Eats agrees to disclose customer data to a restaurant, the Enterprise is required to sign a data addendum, which specifies that [Redacted] Pl. 56.1 ¶ 458. Certain addenda [Redacted] Id. ¶¶ 466, 472-78. Even if a diner opts in, Uber Eats furnishes the person's “full name, email address, and order contents,” but does not supply phone numbers or delivery addresses. Id. ¶ 512. Restaurants that receive email addresses are prohibited from emailing diners to encourage them to stop using Uber Eats. Id. ¶ 531.
Grubhub permits Enterprise restaurants to use customer data “for purposes beyond order fulfillment” only [Redacted] Id. ¶ 577. The consideration identified by Grubhub is [Redacted] Id. Id. ¶ 578. [Redacted] Id. ¶¶ 583-84. Amy Healy, Grubhub's vice president of government affairs, testified that if restaurants were given customer data freely, they “could go directly to the customer and cut us out.” Healy 30(b)(6) Dep. at 17:6-13, ECF No. 199-284; see Healy 30(b)(1) Dep. at 16:11, ECF No. 199-285.
C. Plaintiffs' Practices Regarding Aggregate Data Sharing
Plaintiffs furnish aggregate data analytics to restaurants. For example, DoorDash provides restaurants with an “Insights Hub” tool that allows restaurants to access data about their “menu performance, customer feedback, and daily operations.” Pl. 56.1 ¶ 111. Restaurants can “understand where their customers are ordering from and what ‘optimal locations' may exist for additional stores.” Id. ¶ 149. Uber Eats and Grubhub offer similar tools. Id. ¶¶ 481-82, 491 (Uber Eats); Id. ¶ 544(c) (Grubhub).
Restaurants can also use Plaintiffs' advertising offerings that leverage customer data. Pl. 56.1 ¶ 112; Def. 56.1 ¶ 467 (DoorDash); Pl. 56.1 ¶¶ 484, 487, 492-93 (Uber Eats); Id. ¶ 544(c) (Grubhub). For example, DoorDash permits restaurants to run a “First Order, $0 Delivery Fee” promotion to target diners who have not previously ordered from those businesses. Id. ¶ 144. And, customer information can “define specific advertising cohorts,” permitting Uber Eats to (for example) send an ad for chicken to someone who “eat[s] a lot of chicken.” Id. ¶ 290.
D. Impact on Plaintiffs' Businesses
Plaintiffs have not conducted a formal study of the impact of the Customer Data Law on their businesses. Def. 56.1 ¶¶ 90, 101, 107, 604. Plaintiffs use customer information to enhance their own products. Pl. 56.1 ¶¶ 135, 136-39, 142, 149-51 (DoorDash); Id. ¶¶ 284-89 (Uber Eats); Id. ¶¶ 560-61 (Grubhub). Plaintiffs have spent “millions of dollars” developing their products, and on advertising and marketing. Id. ¶¶ 115, 128, 259, 562. Plaintiffs have also invested resources in data security. Id. ¶¶ 233, 296, 590-95. The City does not dispute that Plaintiffs would have to expend resources to change their products to comply with the Customer Data Law. Id. ¶¶ 84-90.
III. Passage of the Customer Data Law
On June 27, 2019, the New York City Council's Committee on Small Business held a hearing regarding the impact of “digital food delivery apps” on “local restaurants and the food industry.” Def. 56.1 ¶ 1. At the hearing, the executive director of the New York City Hospitality Alliance-a nonprofit organization representing restaurants and nightlife establishments-asked the City Council to “explore who owns the customer data and whether a restaurant transacting a large amount of business on a food delivery platform will lose all of those customers if it leaves the platform.” Id. ¶ 6. Representatives from both Grubhub and Uber Eats testified that they do not provide customer data to restaurants. Id. ¶¶ 12, 16.
Councilmember Keith Powers presented Introduction No. 2311-2021 (the “Bill”), the precursor to the Customer Data Law, on May 12, 2021. Def. 56.1 ¶ 64; Pl. 56.1 ¶ 16. On June 8, 2021, the City Council's Committee on Consumer Affairs and Business Licensing held a public hearing. Id. ¶ 69. At the hearing, Councilmember Powers said, “We do want to make sure that we [] strike the right balance and equity between those that hold the information and those that supply the goods and services, and that's ultimately the intention of my bill.” Id. ¶ 71. Powers explained, “[T]his has been such a hard year for our restaurants and our local businesses and this is a really good opportunity for us again to look at them and think about ways to keep them surviving here in the city, but also give them a better opportunity to compete and to be able to stay in our communities for a very long time.” Id. ¶ 72. Powers stated that the Bill would require “more information sharing” and would allow restaurants to “use [customer] data when it comes to marketing.” Pl. 56.1 ¶ 19. Councilmember Diana Ayala remarked that customer data “is one of the most important tools restaurants can use to develop marketing strategies and customer relations.” Id. ¶ 20. Councilmember Antonio Reynoso said that the Council “should be” “look[ing] out for the restaurants.” Id. ¶ 21.
Andrew Rigie, the executive director of the New York City Hospitality Alliance, stated at the hearing, “[B]y withholding the data the [Delivery Services] have enormous leverage over restaurants, because restaurants can't leave the platform because then essentially they leave their customers, and then the [Delivery Services] will use that customer data to market to competitor restaurants.” Def. 56.1 ¶ 75. Rigie argued that the law would “even the playing field” and allow restaurants “to reach out [to] their customers to market to them and really own that delivery [] customer, who is their customer.” Id. In written testimony, the New York State Restaurant Association asserted that restaurants “need to be able to reach out directly to their customers, whether to give an update on an order, or offer a promotion.” Pl. 56.1 ¶ 28.
Also on June 8, 2021, the City Council's Government Affairs Division issued a committee report (the “June 8 Report”) regarding the Bill. Id. ¶ 108. The June 8 Report analyzes why collecting customer data is beneficial for restaurants. Id. ¶ 109. Specifically, it states that such information “can be a useful mechanism to drive future profits for restaurant owners, including growing the loyalty of a restaurant's existing customers and reaching new audiences.” Id. The June 8 Report explains that Delivery Services limit restaurant access to customer data and faulted Delivery Services for depriving restaurants of a “record of specific customers placing repeat orders.” Id. ¶¶ 114, 116. It expresses concern that Delivery Services “may use customer data from rival restaurants to promote those restaurants that have agreed to pay a higher commission fee.” Id. ¶ 117.
An amended bill was introduced on July 22, 2021, as Introduction 2311-A (the “Revised Bill”). Def. 56.1 ¶ 143. The Revised Bill added the Restaurant Request, Opt-Out, Presumed Consent, and Consent Withdrawal Provisions. Pl. 56.1 ¶ 58; see Def. 56.1 ¶¶ 146-51.
On July 29, 2021, the City Council's Government Affairs Division issued another report related to the Revised Bill (the “July 29 Report”). Def. 56.1 ¶ 155. The July 29 Report sets forth the following findings:
• Eighty percent of New York City's restaurants employ fewer than 20 persons, while only one percent exceeded 500 employees. Id. ¶ 156.
• Restaurants are the second-largest component of the City's tourism industry, after accommodations. Id. ¶¶ 157-58.
• The restaurant industry needs support “as it weathers ongoing effects of the Covid-19 pandemic.” Id. ¶ 159.
• Delivery Services typically charge commissions and additional fees for increased visibility on the platform, access to customer information, promotions and marketing, and delivery. Id. ¶ 160.
• Delivery Services collect and analyze data supplied by restaurant customers and share this data with third parties. Id. ¶¶ 161-64.
• However, Delivery Services “share very little with the restaurants the customer is ordering from” and limit restaurants' ability to retain data on customers. Id. ¶¶ 165-66.
• The Delivery Services “only act as a conduit for the order, which is placed with the restaurant.” Id. ¶ 167. “Consumers using [Delivery Services] are clearly customers of the restaurants from which they order, but restaurants are precluded from equitable access to this data.” Id. ¶ 172.
• Restaurants “are often left with no records regarding loyal, repeat customers.” Id. ¶ 168.
• Data analytics allow Delivery Services to “expose customers to restaurants that pay a higher commission.” Id. ¶ 169. Delivery Services have “list[ed] false information about a restaurant (for example, listing it as closed), in order to direct traffic to a restaurant paying higher commissions and fees.” Id. ¶ 170.
• “[C]ustomer data can [] be a very useful mechanism to drive future profits for restaurant owners, including growing the loyalty of a restaurant's existing customer base and reaching new audiences.” Id. ¶ 173.
• “[C]ustomer contact information can inform business decisions and enable restaurants to conduct specific outreach to retain customers.” Id. ¶ 175.
• “[I]f restaurants had access to their customer data they could offer promo codes, discounts, and new menu items, which could help turn infrequent or new customers into loyal customers.” Id. ¶ 176. They also could “assess the popularity of menu items and further develop relationships in the community.” Id. ¶ 177.
On July 29, 2021, at a hearing held by the Committee on Consumer Affairs and Business Licensing, Councilmember Powers stated that the Revised Bill was “part of an effort” to “support our restaurants and bars.” Pl. 56.1 ¶¶ 63-64. Several councilmembers, including Brad Lander, Carlos Menchaca, and Kalman Yeger, expressed concerns about the bill's potential impact on consumers' “data privacy.” Id. ¶¶ 66-68; see also id. ¶ 68 (Councilmember Yeger stating that the bill “has nothing to do with COVID-19” and is an “anti-consumer bill.”).
Later that day, at a full City Council hearing, City Council Speaker Corey Johnson said that the Revised Bill, along with four others that were passed that day, would “help small mom and pop restaurants” and would “help create an equitable playing field between these platforms and the restaurants that use them.” Id. ¶ 69; Def. 56.1 ¶¶ 153-54. Councilmember Yeger remarked that, although he did not like the “app industry,” he felt that the Revised Bill “weaponize[d] . . . the pandemic for purposes of attacking an industry that we don't like,” and he objected to the transfer of data from one party to another. Pl. 56.1 ¶ 71. On July 29, 2021, the City Council passed the Revised Bill with thirty-five affirmative votes, six negative votes, two abstentions, and six absences. Def. 56.1 ¶ 152; Pl. 56.1 ¶ 75.
Following the Revised Bill's passage, Mayor Bill de Blasio neither approved nor returned it with objections within 30 days, so the Customer Data Law was enacted and titled Local Law 90-2021 on August 29, 2021. N.Y.C. Local Law No. 2021/090; see Def. 56.1 ¶ 178; Pl. 56.1 ¶ 77. The law had an effective date of December 27, 2021. Pl. 56.1 ¶ 79. It is codified at New York City Administrative Code § 20-563.7.
IV. Procedural History
On September 15, 2021, DoorDash filed its complaint and moved for a preliminary injunction. ECF Nos. 1, 5. On October 4, 2021, the parties stipulated that the City would not enforce the Customer Data Law against DoorDash, and DoorDash withdrew its preliminaryinjunction motion. ECF No. 29. Uber Eats and Grubhub filed their actions on December 3 and 10, 2021, respectively, and the City agreed to stay enforcement. ECF Nos. 1, 15, No. 21 Civ. 10347; ECF Nos. 1, 19, No. 21 Civ. 10602. By order dated January 7, 2022, the Court consolidated the three actions. ECF No. 43.
By joint stipulation dated January 4, 2024, Plaintiffs voluntarily dismissed their claims pursuant to the Dormant Commerce Clause of the United States Constitution, the Due Process Clauses of the United States and New York Constitutions, the Equal Protection Clauses of the United States and New York Constitutions, and preemption pursuant to New York Civil Rights Law §§ 50-51. ECF No. 157.
Before the Court are the parties' cross-motions for summary judgment. Pl. Mot.; Def. Mot.; see Pl. Mem., ECF No. 153 (redacted); Pl. Reply, ECF No. 181 (redacted); Def. Mem., ECF No. 171 (redacted); Def. Reply, ECF No. 192 (redacted).
The Court addresses Plaintiffs' sealing requests by separate order. See ECF No. 213.
LEGAL STANDARD
Summary judgment is appropriate when the record shows that there is no genuine dispute as to any material fact and that the moving party is entitled to judgment as a matter of law. Fed.R.Civ.P. 56(a); Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 247-48 (1986); Celotex Corp. v. Catrett, 477 U.S. 317, 322-26 (1986). A genuine dispute exists “if the evidence is such that a reasonable jury could return a verdict for the nonmoving party.” Anderson, 477 U.S. at 248.
The moving party initially bears the burden of informing the Court of the absence of a genuine dispute of material fact by citing particular evidence in the record. Fed.R.Civ.P. 56(c)(1); Celotex, 477 U.S. at 323-24; Koch v. Town of Brattleboro, 287 F.3d 162, 165 (2d Cir. 2002). If the nonmoving party has the ultimate burden of proof at trial, the movant may also satisfy its own summary judgment burden by demonstrating that the nonmovant cannot produce admissible evidence that supports the existence of a triable issue of material fact. Celotex, 477 U.S. at 322-23; PepsiCo, Inc. v. Coca-Cola Co., 315 F.3d 101, 105 (2d Cir. 2002) (per curiam). If the moving party meets its initial burden, the burden then shifts to the opposing party to establish a genuine dispute of material fact. Beard v. Banks, 548 U.S. 521, 529 (2006); PepsiCo, 315 F.3d at 105. “Although a party opposing summary judgment need not prove its evidence in a form admissible at trial or under the evidentiary standard which will be required, it must show facts sufficient to enable a reasonable mind to conclude that a material dispute of fact exists.” Healy v. Chelsea Res. Ltd., 736 F.Supp. 488, 491-92 (S.D.N.Y. 1990) (citation omitted). In deciding each cross-motion for summary judgment, the Court views the record in the light most favorable to the nonmoving party. Koch, 287 F.3d at 165.
DISCUSSION
I. First Amendment
“The First Amendment prohibits governmental abridgement of the freedom of speech.” Commodity Futures Trading Comm'n v. Vartuli, 228 F.3d 94, 110-11 (2d Cir. 2000) (cleaned up). “At the heart of the First Amendment lies the principle that each person should decide for himself or herself the ideas and beliefs deserving of expression, consideration, and adherence.” Turner Broad. Sys., Inc. v. FCC (Turner I), 512 U.S. 622, 641 (1994). Speech serves “the pursuit of truth, the accommodation among interests, the achievement of social stability, the exposure and deterrence of abuses of authority, personal autonomy and personality development, [and] the functioning of a democracy.” Vartuli, 228 F.3d at 111. Freedom of speech is “indispensable to the discovery and spread of political truth.” Whitney v. California, 274 U.S. 357, 375 (1927) (Brandeis, J., concurring).
Plaintiffs argue that the Customer Data Law infringes the First Amendment by requiring them to furnish data to restaurants that they otherwise would not provide. The parties disagree as to (1) whether the First Amendment is implicated at all; (2) if it is, what level of scrutiny the Court should apply; and (3) whether the Customer Data Law passes muster.
The City argues that Plaintiffs' pre-enforcement First Amendment challenge must be construed as a facial challenge. Def. Mem. at 32-33; Def. Reply at 6-8. The Court disagrees. The Supreme Court “has permitted preenforcement, as-applied challenges under the First Amendment.” Upsolve, Inc. v. James, 604 F.Supp.3d 97, 108 (S.D.N.Y. 2022) (citing, inter alia, Holder v. Humanitarian L. Project, 561 U.S. 1, 14-16 (2010)). The Second Circuit has stated that the Court should “adjudicate as-applied challenges before facial ones in an effort to decide constitutional attacks on the narrowest possible grounds.” Kane v. De Blasio, 19 F.4th 152, 174 (2d Cir. 2021). Although some Circuit precedent may seem to suggest that a pre-enforcement lawsuit must be construed as a facial challenge, the Supreme Court “has eschewed any such bright line rule.” Upsolve, Inc., 604 F.Supp.3d at 108. Here, it is “more sensible to frame Plaintiffs' challenge as an as-applied one,” as the constitutionality of the Customer Data Law “can be adjudicated on the factual basis” of Plaintiffs' specific product offerings and agreements with merchants. Id.
A. Application of the First Amendment
The first question is whether the Customer Data Law “regulates ‘speech' within the meaning of the First Amendment.” Universal City Studios, Inc. v. Corley, 273 F.3d 429, 449-50 (2d Cir. 2001). The Court concludes that it does.
“‘Speech' is an elusive term, and judges and scholars have debated its bounds for two centuries.” Id. at 446. But, “the creation and dissemination of information are speech within the meaning of the First Amendment.” Sorrell v. IMS Health, 564 U.S. 552, 570 (2011). “Even dry information, devoid of advocacy, political relevance, or artistic expression, has been accorded First Amendment protection.” Universal City, 273 F.3d at 446; see Rubin v. Coors Brewing Co., 514 U.S. 476, 481 (1995) (“[I]nformation on beer labels constitutes commercial speech.”).
Sorrell, for example, involved a Vermont law that banned pharmacies from selling data about physicians' prescribing practices for drug-marketing purposes. Sorrell, 564 U.S. at 55859. When “data miners” and pharmaceutical manufacturers challenged the law on First Amendment grounds, Vermont contended that the law implicated “conduct, not speech”-akin to “a ban on the sale of cookbooks, laboratory results, or train schedules.” Id. at 570. The Supreme Court disagreed, finding instead that there was “a strong argument that prescriber- identifying information is speech for First Amendment purposes.” Id. As the Court explained, “[a]n individual's right to speak is implicated when information he or she possesses is subjected to ‘restraints on the way in which the information might be used' or disseminated.” Id. at 568 (quoting Seattle Times Co. v. Rhinehart, 467 U.S. 20, 32 (1984)).
Under Sorrell, the Customer Data Law implicates speech. Customer data is information within Plaintiffs' possession. And, the Customer Data Law restricts how Plaintiffs can use the customer data they collect. Previously, when restaurants requested customer data from Plaintiffs, they could decline to provide it. See Sommers Dep. at 148:4-149:10 (testifying that [Redacted]). Under the Customer Data Law, Plaintiffs have only one option: They must provide specific customer data in a machine-readable format at least once a month. See N.Y.C. Admin. Code § 20-563.7(c).
Of course, the individual diners know their own names, delivery addresses, phone numbers, email addresses, and order contents. However, the Customer Data Law requires that the information be provided not by diners directly, but by Plaintiffs. Pursuant to their privacy policies, Plaintiffs collect customer data for various uses. See Pl. 56.1 ¶ 126; Def. 56.1 ¶¶ 566-68 (DoorDash); Pl. 56.1 ¶¶ 279-83 (Uber Eats); Id. ¶¶ 560-61 (Grubhub). In the July 29 Report, the City recognizes this, writing that, when people place orders with Delivery Services, those companies “take ownership of valuable customer information.'” Pl. 56.1 ¶ 127.
As the State did in Sorrell, the City argues that the Customer Data Law regulates Plaintiffs' conduct, not their speech. It is true that “the First Amendment does not prevent restrictions directed at commerce or conduct from imposing incidental burdens on speech.” Sorrell, 564 U.S. at 567. But, this rule is applicable only when a restriction on speech is a necessary byproduct of the government's regulation of conduct. See Expressions Hair Design v. Schneiderman, 581 U.S. 37, 47 (2017). If the City passed a law requiring Plaintiffs to treat all restaurants equally, for example, and Plaintiffs chose to provide data to one restaurant, the law's nondiscrimination mandate could constitutionally require Plaintiffs to provide data to all restaurants. Although the law would require speech, the speech would be incidental to the regulation of conduct-treating all restaurants equally. See Rumsfeld v. F. for Acad. & Inst. Rts., Inc. (FAIR), 547 U.S. 47, 55, 60-62 (2006). Another example would be a requirement that Plaintiffs ensure that each order is delivered safely. Although that law might require Plaintiffs to speak to the restaurant, customer, and delivery person, that speech would be incidental to the regulation of conduct. By contrast, the Customer Data Law directly regulates what Plaintiffs can (indeed, must) “say” to the restaurants that use their services. See Expressions Hair Design, 581 U.S. at 47-48; Nat'l Inst. of Fam. & Life Advocs. v. Becerra (NIFLA), 585 U.S. 755, 770 (2018). In other words, regulation of speech is the object-not an incidental byproduct-of the law.
The City also argues that, unlike in Sorrell, customers have a contractual relationship with the restaurants from which they order based on the New York Uniform Commercial Code. Def. Reply at 2-3. But this is a distinction without a difference. The City does not, for example, point to a portion of the Code that requires the transmission of customer data.
The City next contends that the First Amendment is not implicated because Plaintiffs are nothing more than passive intermediaries for diners' speech. Def. Mem. at 33-36. By analogy, the City relies on Restaurant Law Center v. City of New York, 360 F.Supp.3d 192 (S.D.N.Y. 2019), which addressed a New York City law requiring fast-food employers-upon an employee's authorization-to deduct voluntary contributions from the employee's paycheck and send them to the nonprofit organization of the employee's choosing. The district court rejected the employers' First Amendment challenge, reasoning that “an entity's mere transmission of others' speech does not necessarily constitute speech of that entity.” Id. at 210. Although the employers served as intermediaries, “they ha[d] no discretion as to the recipient of their employees' donations,” and their “act of sending a check to an employee's designated non-profit recipient” was a “mere ministerial act, not speech.” Id. at 212 (quotation marks omitted).
Unlike the employers in Restaurant Law Center, Plaintiffs are not mere transmitters of information; they are more like brokers, making a market between the diner who is searching for food and the restaurant who is searching for customers. Under Plaintiffs' privacy policies, individuals provide data to Plaintiffs with the understanding that Plaintiffs may disclose the information to third parties. See Pl. 56.1 ¶ 126; Def. 56.1 ¶¶ 566-68 (DoorDash); Pl. 56.1 ¶¶ 279-83 (Uber Eats); Id. ¶¶ 560-61 (Grubhub). Because Plaintiffs exercise discretion over who (if anyone) will receive customer data, they are not a mere ministerial mechanism for its dissemination. Cf. Moody v. NetChoice, 144 S.Ct. 2383, 2406 (2024) (“The individual messages may originate with third parties, but the larger offering is the platform's. It is the product of a wealth of choices about whether-and, if so, how-to convey posts having a certain content or viewpoint.”); Volokh v. James, 656 F.Supp.3d 431, 442 (S.D.N.Y. 2023) (“[A] private entity has an ability to make choices about whether, to what extent, and in what manner it will disseminate speech.” (citation omitted)); U.S. Telecom Ass'n v. FCC, 825 F.3d 674, 740 (D.C. Cir. 2016) (“[E]ntities that serve as conduits for speech produced by others receive First Amendment protection . . . [when] the entities are not engaged in indiscriminate, neutral transmission of any and all users' speech[.]”).
The City argues that, under the Customer Data Law, diners consent to the disclosure of their information to the restaurant, which makes it the customers' speech. But, that is not how the law is designed. Rather than requiring a person to agree to transmit her data to the restaurants, the Presumed Consent Provision accepts as true that customers agree to disclose their data-and transmits their information without any action by the customer. N.Y.C. Admin. Code § 20-563.7(b). That is, the Customer Data Law “presume[s]” that customers would like to share their data, then obligates Plaintiffs to carry out the speech act. Id. Crucially for First Amendment purposes, this configuration involves no “expressive” act by the customers themselves. See Moody, 144 S.Ct. at 2393 (providing First Amendment protection to social media platforms “[t]o the extent that [they] create expressive products”); U.S. Telecom Ass'n, 825 F.3d at 742 (examining the “communicative intent of the individual speakers” to determine whether an entity is acting as its conduit); cf. Riley v. Nat'l Fed'n for the Blind of N.C., Inc., 487 U.S. 781, 791 (1988) (“[T]he government, even with the purest of motives, may not substitute its judgment as to how best to speak for that of speakers and listeners.”).
In sum, when the Customer Data Law requires that Delivery Services send customer data to restaurants, it compels speech that falls within the First Amendment's protection.
B. Level of Review
1. “Genre” of Speech
“[N]ot all speech is of equal First Amendment importance.” Dun & Bradstreet, Inc. v. Greenmoss Builders, Inc., 472 U.S. 749, 758 (1985). Therefore, the Court must next “determine the level of scrutiny that applies to the regulation of protected speech at issue.” United States v. Kokinda, 497 U.S. 720, 725 (1990). To do so, the Court first considers the “genre of speech involved.” Safelite Grp., Inc. v. Jepsen, 764 F.3d 258, 261 (2d Cir. 2014). On one end of the spectrum, speech regarding “matters of public concern” lies “at the heart of the First Amendment's protection.” First Nat'l Bank of Bos. v. Bellotti, 435 U.S. 765, 776 (1978) (citing Thornhill v. Alabama, 310 U.S. 88, 101 (1940)). On the other end, certain “well-defined and narrowly limited” categories of speech-including obscenity, defamation, fraud, incitement, and speech integral to criminal conduct-are entirely unprotected. United States v. Stevens, 559 U.S. 460, 468-69 (2010) (quoting Chaplinsky v. New Hampshire, 315 U.S. 568, 571-72 (1942)). In the middle is commercial speech, which enjoys “a limited measure of protection, commensurate with its subordinate position in the scale of First Amendment values.” Ohralik v. Ohio State Bar Ass'n, 436 U.S. 447, 456 (1978). The City argues that the Customer Data Law regulates commercial speech; Plaintiffs contend that it regulates “non-commercial speech.” Pl. Mem. at 28. The Court agrees with the City.
Commercial speech is “expression related solely to the economic interests of the speaker and its audience.” Cent. Hudson Gas & Elec. Corp. v. Pub. Serv. Comm'n of N.Y., 447 U.S. 557, 560-61 (1980). The “core notion of commercial speech” is “speech which does no more than propose a commercial transaction,” like an advertisement or proposal of employment. Bolger v. Youngs Drug Prods. Corp., 463 U.S. 60, 66 (1983) (quotation marks and citation omitted); see Vugo, Inc. v. City of New York, 931 F.3d 42, 48-50 (2d Cir. 2019); Centro de la Comunidad Hispana de Locust Valley v. Town of Oyster Bay, 868 F.3d 104, 112 (2d Cir. 2017). The Customer Data Law does more: It requires Plaintiffs to convey information that is not part of an advertisement and does not by itself “propose a commercial transaction.” Bolger, 463 U.S. at 66. Therefore, it does not fall neatly within the “core” of commercial speech. Bolger, 463 U.S. at 66.
But, courts have viewed the core notion as “a starting point” and have tried to give effect to “a ‘common-sense distinction' between commercial speech and other varieties of speech.” Jordan v. Jewel Food Stores, Inc., 743 F.3d 509, 516-17 (7th Cir. 2014) (quoting Ohralik, 436 U.S. at 455-56); accord Ariix, LLC v. NutriSearch Corp., 985 F.3d 1107, 1115 (9th Cir. 2021); Boelter v. Hearst Commc'ns, Inc., 192 F.Supp.3d 427, 445 (S.D.N.Y. 2016). The Second Circuit examines the “overall ‘nature' and ‘effect'” of the speech, Conn. Bar Ass'n v. United States, 620 F.3d 81, 95 (2d Cir. 2010) (quoting Riley, 487 U.S. at 796), including whether the statement is made “in the context of [a] commercial transaction[],” Bolger, 463 U.S. at 68; see also N.Y. State Ass'n of Realtors, Inc. v. Shaffer, 27 F.3d 834, 840 (2d Cir. 1994); Grocery Mfrs. Ass'n v. Sorrell, 102 F.Supp.3d 583, 627-28 (D. Vt. 2015).
Here, the compelled disclosure of customer data occurs “in the context of [a] commercial transaction[].” Bolger, 463 U.S. at 68. Plaintiffs agree that customer data is economically valuable to them-something that they [Redacted] Sommers Dep. at 146:7 10, 148:2-3; Pl. 56.1 ¶¶ 215-16; Gildersleeve Dep. at 14:6, 68:21-69:4. And, the July 29 Report states that customer data is important to restaurants so that they can more effectively market and make business decisions. Def. 56.1 ¶¶ 173, 175-77; see also Pl. 56.1 ¶ 22; cf. U.S. West, Inc. v. FCC, 182 F.3d 1224, 1232 (10th Cir. 1999) (examining the speaker's ultimate use of data- there, for marketing-in determining the First Amendment interests that attached to the speech). The “combination of [] these characteristics” supports the conclusion that the disclosure of customer data is “properly characterized as commercial speech.” Bolger, 463 U.S. at 67.
To the extent that Plaintiffs argue the speech is noncommercial because it involves the public interest, the Court disagrees. In all but the most fringe cases, customer data is anodyne and “solely in the individual interest of the speaker and its specific business audience.” Dun & Bradstreet, 472 U.S. at 762; accord Trans Union Corp. v. FTC, 245 F.3d 809, 818 (D.C. Cir. 2001).
2. Rational Basis, Intermediate Scrutiny, or Strict Scrutiny
Having concluded that the speech compelled by the Customer Data Law is commercial speech, the Court next determines what level of review it must apply to the law: rational basis, intermediate scrutiny, or strict scrutiny.
Regulations of commercial speech are generally subject to the intermediate-scrutiny test set forth in Central Hudson: “Commercial speech that is not false or deceptive and does not concern unlawful activities . . . may be restricted only in the service of a substantial governmental interest, and only through means that directly advance that interest.” Safelite, 764 F.3d at 261 (citation omitted). But, both the City and Plaintiffs argue that intermediate scrutiny is inappropriate. The City argues for a more lenient test, and Plaintiffs argue for a more stringent test.
The City contends that the Court should apply a rational basis review based on Zauderer v. Office of Disciplinary Counsel, 471 U.S. 626, 651 (1985), which created an exception to intermediate scrutiny for commercial speech involving only a mandated “informational disclosure” (as opposed to a “prohibition on speech”). Safelite, 764 F.3d at 262; see Def. Mem. at 38-40. In Zauderer, the Supreme Court examined an Ohio rule that required attorneys advertising their contingency-fee services to disclose that “the client may have to bear certain expenses even if he loses.” 471 U.S. at 650. In upholding the rule, the Court noted that the required disclosure involved “purely factual and uncontroversial information about the terms under which [the attorney's] services will be available.” Id. at 651. Because the attorney had a “minimal” constitutionally protected interest in withholding that information from potential clients, the regulation was subject to rational-basis review. Id.
The Court is not persuaded that Zauderer applies. In Zauderer, the Supreme Court was concerned that the public could be misled by trickily worded attorney advertisements and found that the required disclosures served a helpful corrective purpose. Id. at 652-53. Here, by contrast, the compelled disclosure is made not to the general public, but to Plaintiffs' competitors-the restaurants. The disclosure, therefore, does not serve the public informational interest that animated Zauderer. Nor does the disclosure concern merely the “terms under which [Plaintiffs'] services will be available”; rather, it reflects data collected by Plaintiffs in the course of their services. Id.; cf. Safelite, 764 F.3d at 264 (noting that Zauderer does not apply to compelled speech “that goes beyond the speaker's own product or service”). Therefore, the Court shall not apply Zauderer's rational-basis review.
The City argues that the Delivery Services and restaurants are partners, not competitors, but it is indisputable that there are competitive aspects to the Delivery Service-restaurant relationship. Indeed, in the June 8 and July 29 Reports, the City made clear that part of the reason it sought to give restaurants access to customer data was to enable them to leave Plaintiffs' platforms. See Healy 30(b)(6) Dep. at 17:6-13 (testifying that restaurants could “cut [Grubhub]out”);GildersleeveDep.at68:21-69:4 (testifying that [Redacted]”); Pl. 56.1 ¶ 35 (New York City Hospitality Alliance representative testifying that customer data was “needed to make the ability to leave a third party provider meaningful”).
Plaintiffs, on the other hand, contend that, the “nature of the law” should trigger strict scrutiny, not intermediate scrutiny. See Safelite, 764 F.3d at 261; Pl. Mem. at 28-31. Although Plaintiffs are correct that government action evincing an improper purpose compels a higher level of scrutiny, the Court “need not decide the issue” of whether strict or intermediate scrutiny applies. Evergreen Ass'n v. City of New York, 740 F.3d 233, 245 (2d Cir. 2014). For the reasons set forth below, the Customer Data Law cannot withstand even intermediate scrutiny.
C. Application of Intermediate Scrutiny
1. Legal Standard
The government can freely regulate commercial speech that concerns unlawful activity or is misleading. Central Hudson, 447 U.S. at 566. But where, as here, the information does not fall into those two categories, courts apply a balancing test to determine whether a commercialspeech regulation passes intermediate scrutiny. Id. Courts inquire into (1) “whether the asserted governmental interest is substantial,” (2) “whether the regulation directly advances the governmental interest asserted,” and (3) “whether [the regulation] is not more extensive than is necessary to serve that interest.” Id. The components of the test are “to a certain extent, interrelated.” Greater New Orleans Broad. Ass'n v. United States, 527 U.S. 173, 183-84 (1999).
To evaluate whether an interest is substantial, the Court must “evaluate the City's asserted goal in enacting the regulation.” Vugo, Inc., 931 F.3d at 51; see Edenfield v. Fane, 507 U.S. 761, 768 (1993) (“[T]he Central Hudson standard does not permit [the Court] to supplant the precise interests put forward by [the government] with other suppositions.”). “When the [g]overnment defends a regulation on speech as a means to redress past harms or prevent anticipated harms, it must do more than simply posit the existence of the disease sought to be cured.” Turner I, 512 U.S. at 664 (quotation marks and citation omitted). Intermediate scrutiny requires that the state “demonstrate that the harms it recites are real.” Rubin, 514 U.S. at 487.
Next, the City must demonstrate that “the speech restriction directly and materially advances the asserted governmental interest” and “will in fact alleviate [the harms identified by the City] to a material degree.” Greater New Orleans, 527 U.S. at 188. “[T]he regulation may not be sustained if it provides only ineffective or remote support for the government's purpose.” Central Hudson, 447 U.S. at 564.
“The last step of the Central Hudson test complements the [prior] step, asking whether the speech restriction is not more extensive than necessary to serve the interests that support it.” Lorillard Tobacco Co. v. Reilly, 533 U.S. 525, 556 (2001) (cleaned up). The fit need not be “perfect, but reasonable; that represents not necessarily the single best disposition but one whose scope is in proportion to the interest served.” Bd. of Trs. of the State Univ. of N.Y. v. Fox, 492 U.S. 469, 480 (1989) (quotation marks and citation omitted).
2. Application
The City argues that it has a substantial interest in protecting the restaurant industry-“a critical sector of the New York City economy”-from the “exploitive practices” of Delivery Services. Def. Mem. at 45. The Customer Data Law seeks to “strike the right balance and equity between those that hold the information and those that supply the goods and services.” Id. at 41 (quoting Def. 56.1 ¶¶ 71-72).
Courts have held that “promoting a major industry that contributes to the economic vitality of the [locality] is a substantial government interest.” Edwards v. District of Columbia, 755 F.3d 996, 1002 (D.C. Cir. 2014) (citing Smith v. City of Ft. Lauderdale, 177 F.3d 954, 95556 (11th Cir. 1999)); Ctr. for Bio-Ethical Reform, Inc. v. City & Cnty. of Honolulu, 455 F.3d 910, 922 (9th Cir. 2006)). Society has an “interest in maintaining the small businesses necessary for functioning neighborhoods.” Melendez v. City of New York, 16 F.4th 992, 1037 (2d Cir. 2021). And, “the Government's interest in eliminating restraints on fair competition is always substantial.” Turner I, 512 U.S. at 664. But, the City cannot simply “posit the existence of the disease sought to be cured”; it must demonstrate that the harms exist, that the regulation posed addresses those harms, and that the regulation is tailored to those harms. Id.
The City identifies three allegedly “exploitive” practices. First, Delivery Services “limit the ability of restaurants to retain data on their own customers,” which hampers restaurants' ability to “reach out to their loyal customers” and “assess menu items' popularity.” Def. Mem. at 42-43 (quoting June 8 Report at NYC0002187-88). Second, Delivery Services may use a restaurant's customer data to promote competitor restaurants that pay the services higher fees, or to establish virtual restaurants that sell meals solely on the platform. Id. at 43. Third, Delivery Services “list[] false information about a restaurant (for example, listing it as closed), in order to direct traffic to a restaurant paying higher commissions and fees.” Id. (quoting July 29 Report at NYC0002235).
The City does not contend that Plaintiffs restrict a restaurant's ability to retain data about orders that they take outside of Plaintiffs' platforms. Regarding the orders on Plaintiffs' platforms, it is more accurate to say that Plaintiffs do not provide restaurants with all five categories of “customer data,” as defined by the Customer Data Law, rather than that they bar restaurants from retaining data.
The Court shall begin with the latter two practices identified by the City. Although the City has explained why these practices harm restaurants and has established a substantial interest in regulating them, it has not provided evidence that the Customer Data Law will in fact affect the objectionable practices. The City states, “[I]t is undisputed that the [Customer Data] Law does not restrict Plaintiffs' use of customer data (such as using the data to provide delivery or marketing services).” Def. Reply at 40. Therefore, Plaintiffs may continue to use customer data to promote competitors. And, the Customer Data Law does not aim at false or misleading statements made by Plaintiffs, even though Central Hudson permits such regulation of commercial speech. The only effect that the Customer Data Law could have on these two practices is to make it more desirable for restaurants, now equipped with data that they could use to target customers, to leave Plaintiffs' platforms. But, even that has a “remote” connection to these practices, Central Hudson, 447 U.S. at 564, because restaurants can leave Plaintiffs' platforms now, see Def. 56.1 ¶ 439 (DoorDash); Pl. 56.1 ¶¶ 383-84, 466 (Uber Eats); Id. ¶¶ 60001 (Grubhub), and Plaintiffs could continue these practices with whatever restaurants choose not to leave the platforms.
In IMS Health, Inc. v. Sorrell, 630 F.3d 263, 275-76 (2d Cir. 2010), aff'd, 564 U.S. 552 (2011), the Second Circuit examined the Vermont statute (discussed supra at 16-17) that prohibited the sale of prescriber-identifiable health data for drug marketing purposes. Vermont asserted an interest in “protecting the privacy of prescribers and prescribing information.” Id. at 275. Because prescriber data could be sold for non-marketing purposes, the Circuit construed Vermont's asserted interest as a twofold “interest in the integrity of the prescribing process itself, and . . . an interest in preserving patients' trust in their doctors.” Id. at 276. But, the Circuit faulted Vermont for failing to “show[] any effect” on these two interests “from the use of [prescriber-identifiable data] in marketing.” Id. The evidence that Vermont put forth was either “speculative” or “merely indicate[d] that some doctors do not approve” of the use of prescriber- identifiable data in marketing. Id. Therefore, the Circuit rejected the “medical privacy” interest as “too speculative to qualify as a substantial state interest under Central Hudson.” Id.
The City's evidence is similarly flawed. The July 29 Report states that restaurants could use customer data to “offer promo codes, discounts, and new menu items” and “assess the popularity of menu items.” Def. 56.1 ¶¶ 176-77. But, Plaintiffs currently provide marketing tools-with solicited listings, promotions, and other forms of advertising-that permit restaurants to reach out to the customers who place orders through their platforms. E.g., Pl. 56.1 ¶¶ 112, 484, 487, 492-93, 544(c). Plaintiffs also provide data analytics that permit restaurants to understand the performance of menu items. Id. ¶¶ 111, 149, 481-82, 491, 544(c).
The City's July 29 Report also claims that Plaintiffs' restrictions on data leave restaurants with no records regarding repeat customers. Def. 56.1 ¶ 168. But, the City has failed to show the effect of this practice on the strength of the restaurant industry. According to the City, the practice affects restaurants because “80% of [them] are small and employ less than 20 employees,” and they “continue to weather the effects of the COVID-19 pandemic.” Def. Mem. at 43; see Def. 56.1 ¶¶ 156, 159. The City does not explain why the size of the restaurants and the fact that they remain affected by COVID-19 make it more likely that withholding customer data will harm the restaurant industry as a whole. The City does not dispute that Plaintiffs provide restaurants with access to customers and orders that they may not otherwise have. Pl. 56.1 ¶¶ 109-10, 277. Certain of Plaintiffs' advertising tools permit outreach to individual customers that have previously interacted with the restaurants. Id. ¶¶ 142-43, 482-85. And, Plaintiffs-through their Storefront, Webshop, and Grubhub Direct products-provide restaurants with back-end support for building their own websites and owning their customer data. Id. ¶¶ 173-75, 432, 566. Accordingly, the City's claim that the Delivery Services' practice of withholding data is exploitative is “too speculative to qualify as a substantial state interest.” IMS Health, 630 F.3d at 276.
“The [s]tate's interest in protecting consumers from ‘commercial harms' [] provides ‘the typical reason why commercial speech can be subject to greater governmental regulation than noncommercial speech.'” 44 Liquormart, Inc. v. Rhode Island, 517 U.S. 484, 502 (1996) (quoting Cincinnati v. Discovery Network, Inc., 507 U.S. 410, 426 (1993)). But, the City has not asserted an interest in consumer protection, and the Court must assess the City's stated interests, not hypothetical ones. Edenfield, 507 U.S. at 768.
The City may prefer that restaurants have access to customer data, but a mere preference for one industry over another is not a substantial state interest. See Safelite, 764 F.3d at 264 (noting that speech that serves “covertly protectionist” goals by “protecting existing businesses” over competitors is disfavored under the First Amendment).
Even if the Court were to find that the City has a substantial interest in ensuring that restaurants obtain data about customers who order food, it has not demonstrated that the Customer Data Law is appropriately tailored to this goal. Under Central Hudson, the Second Circuit has required that the government offer some empirical evidence that there is a “fit” between a speech restriction and the “degree of the harm” it aims to redress. N.Y. State Ass'n of Realtors, 27 F.3d at 844 (emphasis omitted). The Customer Data Law mandates that Plaintiffs hand over specific customer data within their possession. Less restrictive alternatives to promote the same goal include requiring Plaintiffs to offer an opt-in program for customers to send their data to restaurants, providing financial incentives to encourage Delivery Services to provide certain customer data to restaurants, and subsidizing the development of online ordering platforms for individual restaurants. See Pl. Mem. at 32-33. The City has not demonstrated that an incentive-based program or more fine-tuned regulation would be ineffective, and compelling Delivery Services to disclose customer data is incommensurate with the identified harm.
The City could also enact more targeted regulations to address more specific goals. For example, if the City wanted to ensure that restaurants had a record of repeat customers, the City could seek to regulate how Plaintiffs' platforms integrate external customer loyalty programs. If the City were concerned about the fees that Plaintiffs were charging for advertising on their platforms, it could seek to regulate such fees. And, if the City were concerned about Delivery Services misleading restaurants about who owned the customer data, it could seek to regulate that specific practice.
Because the Customer Data Law regulates commercial speech but fails intermediate scrutiny, it violates the First Amendment. Accordingly, the Court GRANTS Plaintiffs' motion for summary judgment and DENIES Defendant's cross-motion for summary judgment.
II. Remaining Claims
The Court's decision on the First Amendment claim prohibits the City from enforcing the Customer Data Law against Plaintiffs and, therefore, provides Plaintiffs with the ultimate relief they seek. “[I]f it is not necessary to decide more to dispose of a case, then it is necessary not to decide more.” Trump v. Anderson, 601 U.S. 100, 118 (2024) (Sotomayor, Kagan, and Jackson, J.J., concurring in judgment) (citation omitted). And, the remaining claims present questions of constitutional and state law, where the Court should be particularly careful not to issue advisory opinions. See Allstate Ins. Co. v. Serio, 261 F.3d 143, 149-50 (2d Cir. 2001) (“It is axiomatic that the federal courts should, where possible, avoid reaching constitutional questions.”); Young v. N.Y.C. Transit Auth., 903 F.2d 146, 163-64 (2d Cir. 1990) (“[N]eedless decisions of state law should be avoided both as a matter of comity and to promote justice between the parties, by procuring for them a surer-footed reading of applicable law.” (quoting United Mine Workers of Am. v. Gibbs, 383 U.S. 715, 726 (1966))). The remaining claims are, therefore, DENIED as moot.
CONCLUSION
For the foregoing reasons, Plaintiffs' motion for summary judgment on the First Amendment claim is GRANTED, and the City's cross-motion for summary judgment on the First Amendment claim is DENIED. On the remaining claims, Plaintiffs' motion and the City's cross-motion are DENIED as moot. By October 7, 2024, the parties shall file a proposed judgment in accordance with this order.
The Clerk of Court is respectfully directed to terminate the motions at ECF Nos. 146 and 163 in docket No. 21 Civ. 7695; ECF Nos. 100, 114, 131, and 142 in No. 21 Civ. 10347; and ECF Nos. 117, 148, and 159 in No. 21 Civ. 10602.
SO ORDERED.