Isn’t that a massive breach of data protection laws? I mean good for them for being inventive but as far as I’m aware using data obtained for a stipulated purpose (track and trace) for another reason (contacting the dine-and-dashers) is a massive no-no.
I think the restaurant may have just foot-gunned themselves rather publicly.
Please excuse the spammy source of this (it’s Friday and the only other source on this that I could find was worse in terms of scripts).
Or even the tracing mechanism itself, if would-be participants aren't confident that the purpose limitations will be enforced.