亚洲天堂

Skip to content
  1. Home
  2. Business

Tim Hortons app collected vast amounts of sensitive data: privacy watchdogs

Users had movements tracked and recorded every few minutes, even when app was not open
The Canadian Press
29317788_web1_220601-CPW-Tim-Hortons-privacy-watchdogs-privacy_1
A Tim Hortons cup is seen inside a Tim Hortons restaurant in Toronto, Friday, March 6, 2020. THE CANADIAN PRESS/Cole Burston

The Tim Hortons mobile ordering app violated the law by collecting vast amounts of location information from customers, an investigation by federal and provincial privacy watchdogs has found.

In a report released Wednesday, privacy commissioners said people who downloaded the Tim Hortons app had their movements tracked and recorded every few minutes, even when the app was not open on their phones.

The investigation came after National Post reporter James McLeod obtained data showing the Tim Hortons app on his phone had tracked his location more than 2,700 times in less than five months.

Federal privacy commissioner Daniel Therrien did the probe with privacy commissioners from British Columbia, Quebec and Alberta.

鈥淥ur joint investigation tells yet another troubling story of a company that failed to ensure proper design of an intrusive technology, resulting in a mass invasion of Canadians鈥 privacy,鈥 Therrien said.

鈥淚t also highlights the very real risks related to location data and the tracking of individuals.鈥

The commissioners found the Tim Hortons app asked for permission to access a mobile device鈥檚 geolocation functions, but misled many users to believe information would be accessed only when the app was in use.

However, the app tracked users as long as the device was on, continually gathering their location data.

The commissioners say Tim Hortons collected 鈥渧ast amounts鈥 of granular location data with the aim of delivering targeted advertising, to better promote its coffee and associated products, but that it never actually used the data for this purpose.

The app used location data to infer where users lived, where they worked and whether they were travelling, the watchdogs found.

It generated an 鈥渆vent鈥 every time users entered or left a Tim Hortons competitor, a major sports venue or their home or workplace, the commissioners said in a joint news release.

鈥淭he investigation uncovered that Tim Hortons continued to collect location data for a year after shelving plans to use it for targeted advertising, even though it had no legitimate need to do so,鈥 the release said.

鈥淭he company says it only used aggregated location data in a limited way, to analyze user trends 鈥 for example, whether users switched to other coffee chains, and how users鈥 movements changed as the pandemic took hold.鈥

Tim Hortons said Wednesday the company took immediate steps in 2020 to improve how it communicates with customers about the data they share with the company, and began reviewing its privacy practices with external experts.

鈥淪hortly thereafter, we proactively removed the geolocation technology outlined in the report from the Tims app,鈥 the company said in a statement. 鈥淭he very limited use of this data was on an aggregated, de-identified basis to study trends in our business.鈥

While Tim Hortons stopped continually tracking users鈥 locations after the privacy probe began, this did not end the risk of surveillance, the watchdogs say.

The investigation found that Tim Hortons鈥 contract with a U.S. third-party location-services supplier contained language so 鈥渧ague and permissive鈥 that it would have allowed the supplier to sell 鈥渄e-identified鈥 location data for its own purposes.

There is a real risk that such geolocation data could be 鈥渞e-identified,鈥 the watchdogs warned.

鈥淕eolocation data is incredibly sensitive because it paints such a detailed and revealing picture of our lives,鈥 Therrien said.

Surveillance of everyday movements reveals where people live and work, as well as information about visits to a medical clinic or place of worship, he added. 鈥淚t can be used to make deductions about sexual preferences, social political affiliations and much more.鈥

Tim Hortons agreed to implement recommendations that the company:

鈥 delete any remaining location data and direct third-party service providers to do the same;

鈥 establish and maintain a privacy management program for apps; and

鈥 report on measures it has taken to comply with the recommendations.

Tim Hortons said the company had strengthened its internal team working to improve best privacy practices and continues to focus on ensuring customers 鈥渃an make informed decisions about their data when using our app.鈥

鈥擩im Bronskill, The Canadian Press

More Business

Canada Post reports $315M loss in most recent quarter
Toyota Highlander tops list of Canada鈥檚 most stolen vehicle in 2023
Toyota Highlander tops list of Canada鈥檚 most stolen vehicle in 2023
Mail strike spells trouble for Canada鈥檚 small businesses as holidays loom
Mail strike spells trouble for Canada鈥檚 small businesses as holidays loom
(or

亚洲天堂

) document.head.appendChild(flippScript); window.flippxp = window.flippxp || {run: []}; window.flippxp.run.push(function() { window.flippxp.registerSlot("#flipp-ux-slot-ssdaw212", "Black Press Media Standard", 1281409, [312035]); }); }