Customer “reminder book”: Cnil recommendations to restaurateurs

Since Tuesday, October 6 and the strengthening of the health protocol, restaurants in Paris and its inner suburbs, in the metropolis of Aix-Marseille and in Guadeloupe can remain open on condition of installing a “reminder book” (sometimes referred to as ” contact book ”). On the model of certain neighboring countries, it is for customers to leave their contact details (name, telephone number, e-mail) next to their time of arrival, in order to facilitate their recall in the event of contamination of a neighboring customer. Responsibility for the restaurateur to organize the thing and keep the data for 14 days, to be able to provide them to the Regional Health Agency or health insurance during the “contact-tracing” procedure.

Contact book in restaurants: should you fear for your privacy?

Restaurant owners are required to set up these reminder notebooks, under penalty of a fine of 135 euros, or even risking the establishment of closure. However, this new mission has only been spelled out very little by the authorities, despite the fact that it is a regulated collection of personal data and, as provided for in the General Data Protection Regulation (GDPR):

The data controller must guarantee the security and confidentiality of the information he holds – in particular he must ensure that only authorized persons have access to this information.

“L’Obs” is the first to have alerted the National Commission for Informatics and Freedoms (Cnil) on the problem, which arouses abroad (especially in Germany, but also in Belgium or Switzerland) complaints about the protection of privacy, after use of these details for commercial, harassment or police purposes. This Wednesday, October 7, the CNIL is finally publishing its advice to restaurateurs, to better supervise the collection of contact details, in the form of five points:

  1. Collect only the necessary data ”, Namely name and telephone number;
  2. Limit the use of data to transmission to health authorities only »(No question of creating a customer base to send promotions);
  3. Inform customers », In particular on this new obligation;
  4. Limit retention »Data, with destruction after 14 days;
  5. And ” secure data », That is to say to privilege the individual forms for each customer, and to keep them in a cupboard or locked room, never in sight of other customers.

To facilitate implementation, the CNIL provides an example of a form to use.

A sheet to give contact details, in a restaurant in Stuttgart

Finally, concerning customers, do they also incur a fine of 135 euros in the event of false declaration of identity on the book? No, since restaurateurs are not police officers and do not have the task of verifying an identity. The Cnil specifies moreover: “ The restaurateur cannot carry out an identity check of the person, for example by asking to produce a supporting document.

The mayor of Paris has also told us that its agents will not ticket customers who do not play the game.

Leave a Reply

Your email address will not be published. Required fields are marked *