Photo Courtesy EverythingGP Staff

By Tanner Smith

Privacy Laws

Tim Hortons violated privacy laws through mobile app

Jun 1, 2022 | 2:30 PM

Four Privacy Commissions in Canada have finished an investigation into Tim Hortons for violating privacy laws.

The Tims Hortons mobile ordering app asked for permission to track users while using the app but in reality, the app was tracking people as long as their device was on.

The investigation discovered Tim Hortons was collecting vast amounts of location data in 2020 for a year after having plans to use it for target advertising were scratched.

The app was using location data to estimate where users lived, work, and if they were traveling. It would also create an “event” when users left a competitor’s business, a major sports venue, or their home and workplace.

The investigation did also find that Tim Hortons had a contract with an American third-party location service company, which they would allow to sell the “de-identified ” data.

Meaningful Mementos

Remembering Someone You've Lost at Christmas

Dec 03, 2024

Seasonal Sorrow

How Do You Get Through The Holidays When You're Grieving?

Nov 01, 2024

Upcoming Events at Oliver's

Grief & Loss and Estate Planning Seminars

Oct 02, 2024

Jill Clayton, Information and Privacy Commissioner of Alberta says this investigation shows Canadians to be more careful with what they allow to track them…

“This investigation is yet another example where an organization has not effectively notified customers about its practices. Tim Hortons’ customers did not have adequate information to consent to the location tracking that was actually occurring. When people download and use these types of apps, it’s important that they know in advance what will happen to their personal information and that organizations follow through with their commitments.” Clayton added.

Four Canadian Privacy Authorities recommended three actions to Tim Hortons moving forward:

• Delete any remaining location data and direct third-party service providers to do the same.
• Establish and maintain a privacy management program that: includes privacy impact assessments for the app and any other apps it launches; creates a process to ensure information collection is necessary and proportional to the privacy impacts identified; ensures that private communications are consistent with, and adequately explain app-related practices.
• Report back with the details of measures it has taken to comply with the recommendations.

Tim Hortons has agreed to all the recommendations.