Tim Hortons Mobile App Serves Up A Piping Hot Cup Of Privacy Law Violations
How much is that sweet Tim Hortons’ Honey Cruller worth to you? Is it worth the company constantly being able to know your location? A recent investigation concluded that the Tim Hortons mobile app violated several privacy laws by tracking users even when their app was closed.
The Tim Hortons mobile app essentially tracked and recorded the movement of users at all times, as long as their mobile device was on. It created an “event” each time a user “entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace.” It also made particular note of when the user was traveling.
Tim Hortons informed users that they would be tracked, but they implied they would only be tracked when the app was open. The data was supposed to be used for targeted advertising, but this plan never came to fruition. There was therefore no clear reason for Tim Hortons to collect this kind of data. The investigation also discovered that Tim Hortons had created a contract with an American third-party that would have allowed them to easily sell “de-identified” location data.
Daniel Therrien, Privacy Commissioner of Canada, remarked, “Tim Hortons clearly crossed the line by amassing a huge amount of highly sensitive information about its customers. Following people’s movements every few minutes of every day was clearly an inappropriate form of surveillance.” He argued that the investigation highlights the dangers of geolocation and the importance of transparency. The investigation calls for Tim Hortons and third-parties to delete the data, “establish and maintain a privacy management program” that better protects consumers, and to report back on any new privacy practices that they adopt.
Tim Hortons claims that it has removed the tracking technology and it did not utilize the data for targeted marketing. The technology was deleted as of 2020 when the investigation began. A representative from the chain commented, “We've strengthened our internal team that's dedicated to enhancing best practices when it comes to privacy and we’re continuing to focus on ensuring that guests can make informed decisions about their data when using our app.”
Top image courtesy of Tim Hortons
The Tim Hortons mobile app essentially tracked and recorded the movement of users at all times, as long as their mobile device was on. It created an “event” each time a user “entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace.” It also made particular note of when the user was traveling.
Tim Hortons informed users that they would be tracked, but they implied they would only be tracked when the app was open. The data was supposed to be used for targeted advertising, but this plan never came to fruition. There was therefore no clear reason for Tim Hortons to collect this kind of data. The investigation also discovered that Tim Hortons had created a contract with an American third-party that would have allowed them to easily sell “de-identified” location data.
Tim Hortons claims that it has removed the tracking technology and it did not utilize the data for targeted marketing. The technology was deleted as of 2020 when the investigation began. A representative from the chain commented, “We've strengthened our internal team that's dedicated to enhancing best practices when it comes to privacy and we’re continuing to focus on ensuring that guests can make informed decisions about their data when using our app.”
Top image courtesy of Tim Hortons
