Zomato Sparks Privacy Row by Sharing Customer Data With Restaurants

Zomato’s decision to share customer phone numbers with restaurants has sparked a major privacy debate, drawing sharp criticism from politicians, marketing experts, and frequent users. The move marks the biggest shift in India’s food-delivery ecosystem in years and could reshape how restaurants engage with customers — for better or worse.

According to reports, Zomato is in advanced discussions with the National Restaurant Association of India (NRAI) to allow eateries access to customer data for marketing and promotional outreach. Similar conversations are underway with Swiggy as well.

What Is Zomato Changing?

Until now, Zomato and Swiggy have masked user phone numbers, allowing restaurants to confirm orders only through platform-mediated calls and messages. That system prevented restaurants from contacting customers directly.

As part of its pilot, Zomato has begun showing users a pop-up asking for consent to share their number with restaurants. The catch? Once consent is granted, it cannot be withdrawn.

The message reads: “I allow restaurants to reach out to me for promotional activities.”

This has raised red flags among customers and lawmakers.

What Restaurants Want

Restaurants argue that:

• They cannot build long-term customer relationships if platforms hide user data.

• Personalized marketing becomes impossible.

• Their cost of customer acquisition increases due to platform commissions reaching up to 35% in some cases.

The NRAI has long pushed for data transparency, even filing complaints before the Competition Commission of India (CCI) over aggregator practices such as deep discounting and high commissions.

For restaurants, access to user data brings the ability to:

• Understand consumption behaviour

• Fine-tune marketing costs

• Directly confirm order preferences or issues

Why This is Causing a Controversy

The move has triggered a privacy storm.

Lawmakers Milind Deora and Priyanka Chaturvedi termed the proposal a potential breach of personal data rights, especially after the government notified the new Digital Personal Data Protection (DPDP) Rules, which define how personal data should be collected, stored, processed, and erased.

Deora warned that the change could open the floodgates to spam under the guise of “enhanced service,” adding that clear opt-in guidelines were essential.

Chaturvedi indicated that the issue may soon come under Parliament scrutiny.

Marketing expert Suhel Seth also slammed the move as “totally unacceptable”, saying it could expand to misuse of consumption patterns.

Zomato’s Response

Zomato CEO Aditya Mangla has attempted to reassure users, stating:

“If and when consent is provided, only the phone number will be shared. No other information will be shared.”

However, critics argue that phone numbers are the single most sensitive and misused piece of personal data, capable of enabling spam, targeted advertising, and unwanted calls.

What Happens Next?

With food-delivery platforms now at the centre of a national debate, regulators may step in to define clearer data-sharing norms. For now, users choosing to share their numbers may be signing up for more than just food updates — they may be opening their phones to a wave of restaurant marketing.