Federal privacy commissioner Tim Hortons’ investigation into the mobile app found that the app unnecessarily collected large amounts of data without full consent from users. use.
The reportpublished Wednesday morning, claims that Tim Hortons has collected detailed location data for the purposes of targeted advertising and promoting its products, but that the company has never used the data for other purposes. that purpose.
“The consequences associated with the Application’s collection of such data, much of which is collected when the App is not in use, represents a loss of User privacy, which is not proportional to the potential benefit.” The potential that Tim Hortons can hope to gain from has improved targeted promotion of its coffee and related products,” reads the report.
The joint investigation was launched about two years ago by the Office of the Privacy Commissioner of Canada in conjunction with similar authorities in BC, Quebec and Alberta. It comes after a report from the Financial Post showed that the Tim Hortons app was tracking a user’s geolocation while the user was not using the app.
3rd party has collected geolocation data
Tim Hortons used a third-party service provider, Radar, to collect users’ geo-location data. In August 2020, Tim Hortons stopped collecting location data.
However, the investigation revealed a lack of contractual protections for users’ personal information while being processed by Radar. The report describes language in contract terms as “vague and intelligible”, which could allow Radar to use personal information collected in aggregate or unspecified form for business purposes. own.
“While we accept that Radar does not engage in use or disclosure for its own purposes, the contract language in this case would not appear to constitute adequate protection, by Tim Hortons, for the User’s personal information,” the report reads.
The report says that Tim Hortons also agreed to delete all detailed location data and let third-party service providers do the same, following recommendations from security agencies. The company also agrees to establish a privacy management program for its apps and all future apps to ensure they comply with federal and provincial privacy laws.
The federal law that governs privacy matters is known as the Personal Information and Electronic Documents Protection Act, or PIPEDA.
With these remedies in place, the report found that while the Tim Hortons app did not comply with privacy laws, it has since taken steps to address the issue.
“We’ve strengthened our internal team to advance privacy best practices, and we continue to focus on ensuring that guests can make informed decisions about their data. when using our app,” announced Wednesday from Tim Hortons.