Canadian Privacy Commissioners allege Tim Horton’s food chain collected vast amounts of sensitive data through its apps
June 5, 2022
Tim Hortons is a Canadian fast food outlet specialising in take away coffees and snacks. It has a large presence in Canada. It heavily promotes its apps to allow customers to order their beverages and food by phone.
The Privacy Commissioner of Canada has found that Tim Hortons app violated privacy laws in collecting vast amounts of sensitive location data. The app permitted Tim Hortons to track and record the users movements every few minutes even when the app was not open. Tim Hortons asked for permission to access geolocations functions but misled users who thought that access would be used when the app was open. In fact the location data was collected even when individuals app was not open. As long as the device was on data was collected. Tim Horton’s only stopped the practice when the Privacy Commissioners began to investigate.
Collection on this scale would give Tim Hortons an enormous amount of raw data from which, with the right algorithms, determine where users lived, where they worked and even when they used a competitor’s product. The question of proportionality was raised by the Privacy Commissioner. And appropriately. In the Australian context the issue is whether the purpose for the collection of that vast amount of data relates to the ordering and purchasing of coffee.
It is no surprise that the Privacy Commissioner found there wasn’t a ” robust privacy management program for the app.” It is a fairly typical story to see the majority of the work being focused on developing a the functionality of the app and making it as attractive to users as possible and considering privacy protections as Read the rest of this entry »