Customer using smart phone whilst ordering

How are the world’s reopening bars and pubs collecting customer data?

How are the world’s reopening bars and pubs collecting customer data? 1349 899 Chris Wilkie

A version of this was originally published in The Morning Advertiser 29th June 2020

The 43-page government document outlining how UK pubs, bars and restaurants would reopen from July was notable for how many times it used the word “should” rather than “must” – especially on the subject of customer data collection. The pub industry has rightly called for clarity and for a better understanding of venues’ responsibilities.

For now though, the onus is on venue owners to act responsibly, which means collecting the data needed to help the NHS with track and trace, and disposing of it as required. It is also important that venues have robust systems in place, so that they can adapt as the guidance changes, as the UK enters a new phase of the pandemic, or if we see a dreaded second wave. As pubs make their preparations, it is helpful to look at the other countries that are ahead of the UK, both in terms of their timeline dealing with COVID-19 and their reopening of the hospitality sector. This can tell us a lot about the pros and cons of different models for easing lockdown, potential challenges experienced by other countries/venues, as well as the processes and technologies that pubs should explore before July.

Venue-centric approach

New Zealand has been widely recognised for its success in handling the COVID-19 outbreak, and its hospitality sector is no exception. At Alert Level 2, hospitality venues were required to take customer contact details and could refuse access if customers did not provide their information. New Zealand also rolled out a COVID-19 Tracer app for the public to download on smartphones, which involved scanning QR codes when visiting a venue, so that they could track people’s movement.

By all accounts, this system worked well. The rules were crystal clear for both venue owners and their customers, and New Zealand was able to eradicate COVID-19 cases in the country by implementing this kind of quick, clear, and strict instruction. However, it was a laborious task for some venue owners. There were also examples of privacy violations. A New Zealand Subway customer was harassed online by a now-former employee who took the customers’ details in writing. This kind of data privacy abuse is why many consumers were concerned about having to hand over contact information. It is food for thought for UK venues too, who will want to avoid the same kind of scenario.  

Similar rules have been implemented elsewhere in the world too, including Washington State USA, Germany and Switzerland. The Swiss subsequently changed the rules to put the onus on customers to keep track of who they meet and where. This is less work for venue owners, but it is likely to be far less reliable, accurate and effective than the NZ measures – but only time will tell.

Germany decided to keep the responsibility with venue owners. Berlin’s senate “strongly advises” that restaurants take down customer contact details and keep them on file for four weeks. The German population is extremely sensitive to data privacy and security violations, which is likely why it opted against a centralised Government data collection process, but this was not the case in all countries.

Centralised track and trace

To avoid giving venue owners personal data directly, Australia opted for a centralised government track and trace app. Businesses were sent their venue-specific posters printed with QR codes after signing up on a digital portal. Customers were obliged to “scan themselves in” to a location as part of the tracing process.

The benefit to venue owners is clear, but these measures may not work well in countries that have low trust in the Government. There’s also a risk that a huge trove of personal data becomes available to cyber criminals in the case of a data breach – which coincidentally the Australian Government experienced earlier this month.  

In France, the government is doing something unique. It has consulted with tech giants Apple and Google about weakening their existing privacy policies in order to make a contact tracing program more tenable. There are several complexities and challenges when it comes to integrating data across various devices, and with public health data. There is also the issue of whether we should trust ‘big tech’ given its track record on privacy. The concern is that this could have negative implications further down the line and set a precedent for weaker privacy standards.

The right tech and processes for UK venues

As evidenced by the approaches of other countries, contact tracing and data collection are issues of great complexity – in terms of technical requirements, consumer privacy concerns and real-world practicalities. In the face of wishy-washy government advice, the onus is on UK venues to act responsibly. If they can demonstrate that they take the issue seriously, venues will also show they are committed to keeping people safe in their venue. In doing so, they may engender trust and loyalty that will last far longer than the pandemic.

From high-end tech to old-fashioned pen and paper, some options for pubs include:

Pen and paper printed log – Physical ledgers are cheap, fast and easy to implement, but they are probably the worst option available to pub owners. They are unsafe, insecure and susceptible to misuse (as demonstrated by the New Zealand Subway story). If done by a staff member, it’s an extra job on their list, if done by customers it defeats the purpose of social distancing and minimising contact. 

A digital spreadsheet – slightly more secure and definitely more sustainable. However, this is still another job for already busy staff, and even though a touchscreen can be cleaned, the potential for contamination on a heavily used surface is high. Data protection is still questionable in the eyes of GDPR.

Smartphone registration – Having customers sign in via their smartphone makes logical sense, it is contactless and most people will be carrying one anyhow. The pubs that go down this route need to ensure that they are recording this data securely, and that the process is as simple as possible, whether via a QR code, text message or as people register for the guest WiFi. Creating a custom app or website portal will be popular for venues wanting to encourage customers to pay for food and drinks at their table vs crowding at the bar. However, it’s important that all guests are registered, not just the person buying the round. Likewise, it has proved difficult to get customers to download these apps in the past, so venues will need to prompt people to do so. As for the small minority of people without a smartphone, their contact details can be recorded separately. 

Government apps – waiting on the UK Government to release its own app is not an option for pubs opening in July. Even after that, there’s no guarantee people will download it. Only 40% of people in Australia downloaded their COVID app, but universal coverage is essential for keeping people safe.

Booking systems – It is possible that third parties such as JustEat, TripAdvisor, or Booking.com will enter the market to offer pubs a quick and easy way of registering visitors and recording their details when they make a reservation. The disadvantage of this, however, is that these brands maintain the relationship with the customer, rather than the venue. We’ve seen with the restaurant industry that these services can be a bit of a double-edged sword.

With so many options available, it’s important that pubs collect data in a manner that makes customers feel safe, with minimal disruption to familiar experiences. These are strange times and many people will come back to the pub with uncertainty or hesitation. It’s the job of the industry to give them a positive and familiar experience, and to make them feel safe.