Tuesday, July 5

Tim Hortons app violates privacy laws, says Canadian regulator


Financial Post investigation prompted watchdog’s probe

Article content

Tim Hortons’ mobile app collected vast amounts of sensitive personal information without valid consent from its customers, violating federal and provincial laws, according to the findings of an investigation carried out by a coalition of Canadian privacy watchdogs.

Advertisement 2

Article content

In a statement, Federal privacy commissioner Daniel Therrien called the breach a “mass invasion” of Canadians’ privacy and said it was “unacceptable that private companies think so little of our privacy and freedom that they can initiate these activities without giving it more than a moment’s thought.”

Therrien, along with his counterparts in British Columbia, Alberta and Quebec, launched the investigation into the Tim Hortons mobile app in 2020 following a report from Financial Post reporter James McLeod.

McLeod found the Tim Hortons app had been tracking his movements so closely that it knew where he lived, where he worked, where he vacationed, as well as whenever he walked into certain competing fast-food restaurants. An analysis of months’ worth of data obtained through federal privacy law suggested the app was tracking him even when it was closed.

Advertisement 3

Article content

“What happened here once again makes plain the urgent need for stronger privacy laws to protect the rights and values ​​of Canadians,” Therrien said on Wednesday.

In a news release on Wednesday, Therrien’s office said Tim Hortons “misled many users” into thinking their information was only being accessed when they used the app.

“Our joint investigation tells yet another troubling story of a company that failed to ensure proper design of an intrusive technology, resulting in a mass invasion of Canadians’ privacy,” Therrien said in a statement. “It also highlights the very real risks related to location data and the tracking of individuals.”

The privacy commissioners said Tim Hortons has agreed to delete all the location data in question and create a “a privacy management program” to make sure its app, and any future app, comply with federal and provincial privacy laws.

Advertisement 4

Article content

In response to Wednesday’s reportTim Hortons reiterated that it shut down the app’s location tracking in 2020, after the joint investigation began.

“Data from this geolocation technology was never used for personalized marketing for individual guests. The very limited use of this data was on an aggregated, de-identified basis to study trends in our business — and the results did not contain personal information from any guests ,” spokesperson Michael Oliveira said in an email. ”

“We’ve strengthened our internal team that’s dedicated to enhancing best practices when it comes to privacy and we’re continuing to focus on ensuring that guests can make informed decisions about their data when using our app.”

More to come…

Advertisement

Comments

Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.



financialpost.com