When the answer is hard to swallow: The Pinkgreen case and the steep price of privacy.
In Barcelona, as everyone knows, good taste is second nature. But on the streets of the Catalan capital, a recent incident has shown that adding a little “spice” to a discussion doesn't always make the dish more delicious. At the center of the storm is Pinkgreen, a spot famous for its acai bowls—that Amazonian superfruit that promises energy and health—but which ended up in the authorities’ crosshairs not for the quality of its berries, but for an unmanageable digital “thirst for revenge.”
A Burning Star
It all began in the most mundane way possible: a review on Google Maps. Two customers, clearly dissatisfied with their experience, decided to leave the rating every restaurant owner fears most: a single star. No comments, no explanations, just that lone, glowing dot that drags down the venue’s average rating. A bitter pill that Pinkgreen’s management simply couldn’t swallow.
A Recipe for Disaster: Personal Data and Social Media
Instead of responding with the usual professional courtesy or inviting customers to clarify their reviews, the restaurant’s account manager decided to serve up a “dish” decidedly off the menu. Drawing from the social media profiles of the unfortunate customers, the restaurant responded to the reviews by publicly revealing first names, last names, universities attended, and even intimate details such as sexual orientation and the identity of their partners. An attempt at gastronomic “doxing” that turned a simple critique into a violation of privacy. The restaurant’s defense? They argued that, since the information was available on Facebook, it was in the public domain. But the law, as we know, has a much more refined and rigorous palate.
The verdict: a 4,000-euro bill
The Spanish Data Protection Agency (AEPD) intervened promptly, handing the restaurant a verdict hotter than a wood-fired oven. According to the agency, the fact that data is present on social media does not authorize anyone to use it as an “ingredient” for public attacks.
The result? A double violation of the GDPR:
- €1,500 for processing data without a legal basis (Art. 6).
- €2,500 for disclosing highly sensitive data, such as sexual orientation (Art. 9), considered “prohibited ingredients” without explicit consent.
The moral of the story
This incident leaves a bitter aftertaste and a valuable lesson for all restaurateurs: you don’t defend your online reputation by shaming customers. In an era where transparency is essential, knowing how to take criticism is just as much a part of the job as knowing how to prepare a perfect bowl. For Pinkgreen, those two missing stars cost a total of 4,000 euros. A price far too high for an açai that, this time, left everyone with a bitter taste in their mouths.
