Tim Hortons Mobile App Serves Up A Piping Hot Cup Of Privacy Law Violations
The Tim Hortons mobile app essentially tracked and recorded the movement of users at all times, as long as their mobile device was on. It created an “event” each time a user “entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace.” It also made particular note of when the user was traveling.
Tim Hortons informed users that they would be tracked, but they implied they would only be tracked when the app was open. The data was supposed to be used for targeted advertising, but this plan never came to fruition. There was therefore no clear reason for Tim Hortons to collect this kind of data. The investigation also discovered that Tim Hortons had created a contract with an American third-party that would have allowed them to easily sell “de-identified” location data.
Tim Hortons claims that it has removed the tracking technology and it did not utilize the data for targeted marketing. The technology was deleted as of 2020 when the investigation began. A representative from the chain commented, “We've strengthened our internal team that's dedicated to enhancing best practices when it comes to privacy and we’re continuing to focus on ensuring that guests can make informed decisions about their data when using our app.”
Top image courtesy of Tim Hortons