by David Klemt

McDonald’s Facing Privacy Lawsuit

by David Klemt

Statue of McDonald's mascot Ronald McDonald waving

A McDonald’s customer in Illinois, a state with some of the strictest privacy laws in America, is suing the fast food giant.

The largest fast food chain in the world is testing artificial intelligence in select drive-thrus throughout the Prairie State.

In theory, the technology will become a valuable operational element and enhance the guest journey.

However, one plaintiff in Illinois says McDonald’s is violating the state’s Biometric Information Privacy Act (BIPA).

AI-powered Drive-Thrus

Two years ago, McDonald’s made two significant technology company acquisitions.

In March of 2019, the fast food company purchased Dynamic Yield for a reported $300 million. Six months later, McDonald’s acquired Apprente.

The former acquisition brought “decision tech” to the QSR, using its digital billboards and ordering kiosks to make recommendations to guests depending on preferences, item popularity, and time of day.

The latter purchase is intended to bring automated voice ordering to McDonald’s drive-thrus through artificial intelligence.

Per CNBC, McDonald’s CEO Chris Kempczinski says AI is delivering an 85-percent order accuracy rate in its test stores. Currently, AI is taking 80 percent of the orders at ten Illinois McDonald’s locations.

Clearly, McDonald’s is investing in tech the company believes will enhance and speed up the guest drive-thru experience.

Lawsuit

Shannon Carpenter’s class-action lawsuit alleges that McDonald’s “violated BIPA because it failed to obtain proper consent prior to collecting and disseminating Plaintiff’s and the other class members’ voiceprint biometrics who interacted with its AI voice assistant at its Illinois locations.”

Carpenter filed the lawsuit after visiting a McDonald’s location last year in Lombardi, Illinois. The location is one of ten test stores.

The complaint also says, “McDonald’s AI voice assistant goes beyond real-time voiceprint analysis and recognition and also incorporates “machine-learning routines” that utilize voiceprint recognition in combination with license plate scanning technology to identify unique customers regardless of which location they visit and present them certain menu items based on their past
visits.”

In short, the plaintiff is alleging that McDonald’s is violating Illinois’ BIPA law by:

  • collecting biometric information (voiceprints in this case specifically) without consent;
  • not making the company’s data retention policies public;
  • failing to declare how long customer biometric data will be stored; and
  • not starting how the company intends to use the collected biometric data.

So far, McDonald’s has not released a statement addressing Carpenter’s lawsuit.

Customer Data

How much is one’s privacy worth? The price of a Big Mac or a Quarter Pounder combo?

Guest data and user privacy is a hot-button topic. For example, Apple made big news this year with the rollout of iOS 14.5 and its accompanying privacy features.

Carpenter’s lawsuit against McDonald’s carries implications for how businesses can collect and use guest data.

However, it also highlights an element of operating a restaurant in our tech-driven world.

It has been suggested by some business experts that the adage “cash is king” should be replaced by “data is king.” And yes, customer/guest data is incredibly valuable.

But so is reassuring guests that their data is safe with a given business. Operators, therefore, should be transparent about what guest data they’re collecting and what they intend to do with it.

And, as the McDonald’s lawsuit makes abundantly clear, there are laws governing the collection and handling of guest data. Operators should ensure that they and their partners are handling guest data legally, ethically, and responsibly.

Image: Vijaya narasimha from Pixabay

Top