The Tim Hortons The mobile ordering app broke the law by collecting large amounts of location information from customers, an investigation by federal and provincial privacy watchdogs has found.
In a report published Wednesday, privacy commissioners said who downloaded Tim Hortons . App were tracked and recorded their movements every few minutes, even when the app was not open on their phone.
The investigation comes after National Post reporter James McLeod obtained data showing that the Tim Hortons app on his phone tracked his location more than 2,700 times in less than five months.
Federal Privacy Commissioner Daniel Therrien conducted the investigation with privacy commissioners from British Columbia, Quebec and Alberta.
“Our joint investigation tells another troubling story of a company that failed to properly design an intrusive technology that resulted in a massive invasion of Canadians’ privacy,” said Therrien. speak.
“It also highlights the very real risks associated with location data and tracking individuals.”
Trustees found that the Tim Hortons app requested access to mobile geolocation functions, but misled many users into believing that information would only be accessed when the app was in use. .
However, the app tracked the user for as long as the device was turned on, continuously collecting their location data.
Google tracks your movements even when you turn off Location Services
The commissioners said Tim Hortons had collected “massive amounts” of detailed location data for the purpose of delivering targeted ads, to better promote his coffee and related products, but actually The company has never used the data for this purpose.
The app used location data to infer where users live, where they work and whether they are traveling, watchdogs have found.
It generates an “event” every time a user enters or leaves a Tim Hortons competitor, a major sports venue or their home or workplace, the commissioners said in a statement. joint statement.
“The investigation found that Tim Hortons continued to collect location data for a year after shelved plans to use that data for targeted advertising, despite no legitimate need to do so. do so,” the statement said.
“The company says it only uses aggregated location data in a limited way, to analyze user trends – for example, whether users are switching to other coffee chains and their movements. how users changed during the pandemic.”
Tim Hortons said Wednesday the company has taken immediate steps in 2020 to improve the way it communicates with customers about the data they share with the company and is beginning to review its rights practices. privately with outside experts.
“Soon after, we proactively removed the location technology outlined in the report from the Tims app,” the company said in a statement. “Very limited use of this data is on an aggregated, unspecified basis to study trends in our business.”
Tim Hortons Could Have Double Trouble With Mobile Apps
Although Tim Hortons stopped continuously tracking users’ locations after the privacy investigation began, this did not end the risk of surveillance, watchdogs said.
The investigation found that Tim Hortons’ contract with a US third-party location service provider contained “ambiguous and understandable” language that could have allowed the provider to sell location data. unidentified” for their own purposes.
The watchdog warned that there was a real risk that such geolocation data could be “re-identified”.
“Geolocation data is extremely sensitive because it paints a detailed and revealing picture of our lives,” says Therrien.
Daily movement tracking shows where people live and work, as well as information about visits to medical clinics or places of worship, he added. “It can be used to make inferences about sexual preferences, sociopolitical partisanship and more.”
Tim Hortons has agreed to implement the recommendations that the company:
- Delete any remaining location data and direct third-party service providers to do the same
- Set up and maintain a privacy management program for apps
- Report on the measures it has taken to comply with the recommendations
Tim Hortons said the company has beefed up its internal team working to improve security best practices and continues to focus on ensuring customers “can make informed decisions about their data.” when using our app”.
Tim Hortons turns to ‘basics approach’ to help drive sales
It should be emphasized, he added, that “companies have an obligation to make sure they understand the law and comply with it.”
© 2022 Canadian Press