On January 29, 2024, the Office of the Privacy Commissioner for Personal Data (PCPD) released a statement on its work in 2023 and a report titled 'Privacy Concerns on Electronic Food Ordering at Restaurants.'

What did the PCPD achieve in its work in 2023?

The PCPD detailed some statistics and information on the work it carried out in 2023, specifically that it:

• received 3,582 complaints, 92% against private organizations and individuals;
• received 15,914 public inquiries, 32% relating to the collection and use of personal data;
• received 793 inquiries relating to suspected personal data fraud;
• received 157 data breach notifications, a 50% increase from 2022;
• initiated 393 compliance checks;
• handled 756 doxing cases, and issued 378 cessation notices to 23 online platforms; and
• initiated 140 criminal investigations and mounted 30 arrest operations.

What were the findings of the report?

The PCPD published a report to present its findings from visiting 60 local restaurants from November 2023 to January 2024 due to personal data collection concerns through the use of electronic food ordering services. The PCPD listed the following findings:

• all restaurants reviewed offered means for non-electronic food ordering;
• four restaurants that offered QR code ordering services collected the personal data of customers;
• four restaurants that provided mobile app ordering services required customers to register an account;
• some restaurants that allowed customers to place orders through mobile apps in the capacity of guests still required customers to provide their personal data; and
• all restaurants that provided mobile app ordering services also used customers’ personal data for user tracking and direct marketing.

The PCPD also published a leaflet providing tips to the public on how to protect their personal data while ordering food using mobile apps or QR codes at restaurants.

You can read the press release here, the leaflet here, and the report, only available in Chinese, here.