Zomato has triggered a nationwide debate after deciding to begin sharing customer phone numbers with restaurants — a dramatic shift from its long-standing practice of masking user data. The move comes after years of conflict between food aggregators and the restaurant industry, but it has also unleashed strong criticism from politicians, privacy advocates and marketing experts, who warn that the decision could open the floodgates to spam calls and intrusive promotions.
As part of a pilot programme, Zomato has started displaying pop-ups asking users to allow restaurants to contact them directly for marketing and promotional activity. Once a customer agrees, the phone number becomes accessible to the restaurant, and there is currently no option to withdraw consent. This marks a clear departure from the existing model in which eateries can see only limited, aggregated information — not the personal details of individual diners.
For years, restaurants argued that masked data prevented them from engaging directly with customers, understanding consumption patterns or resolving issues in real time. The National Restaurants Association of India repeatedly accused Zomato and Swiggy of anti-competitive practices, including deep discounting and high commissions, while arguing that access to customer data would help them personalise experiences and manage marketing costs more efficiently.
However, the company’s new direction has sparked a backlash. Lawmakers Milind Deora and Priyanka Chaturvedi have warned that the policy could violate the freshly notified Digital Personal Data Protection Rules, which require strict opt-in and clear safeguards. They argue that sharing mobile numbers, even with consent prompts, risks exposing millions of users to privacy breaches and relentless promotional messages. Marketing strategist Suhel Seth has also criticised the plan, calling it an unacceptable overreach that could set a dangerous precedent.
On social media, the anxiety is widespread, with many users pointing out that the policy will inevitably lead to an avalanche of unsolicited offers, discount notifications and restaurant advertisements delivered straight to their personal devices.
Zomato’s leadership has attempted damage control. CEO Aditya Mangla clarified that only the phone number will be shared — no address, order history or other sensitive information — and only when explicit consent is granted. Still, critics argue that the problem lies not in the type of data shared but in the long-term consequences of commercialising customer contact details across an industry known for aggressive marketing.
As negotiations with the NRAI continue and Swiggy reportedly explores similar arrangements, the controversy has intensified pressure on regulators and lawmakers to scrutinise whether food-tech platforms are adhering to India’s new data-protection regime.
