{"id":124842,"date":"2022-06-16T21:56:42","date_gmt":"2022-06-17T01:56:42","guid":{"rendered":"https:\/\/rbach.net\/?p=124842"},"modified":"2022-06-16T21:57:09","modified_gmt":"2022-06-17T01:57:09","slug":"tim-hortons-caught-collecting-private-data","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/tim-hortons-caught-collecting-private-data\/","title":{"rendered":"Tim Horton’s Caught Collecting Private Data"},"content":{"rendered":"\r\n

\"Tim<\/a>The mobile app from coffee shop Tim Horton’s<\/a> <\/strong>has been collecting vast amounts of users private dat<\/strong>a without consent. The Canadian federal privacy commission investigation<\/a> began two years ago after the Financial Post<\/em><\/a> reported<\/a> on Tim\u2019s contract with Radar Labs<\/strong><\/a> Inc. <\/strong>Radar Labs is a third-party U.S. firm that provided enhanced location tracking services<\/a> for the app.<\/p>\r\n

What Private Data Did Tim Horton’s Collect?<\/h3>\r\n

\"Tim<\/a>Between May 2019 and August 2020 the Tim Horton’s app, which has four million users, collected users’ geolocation<\/a> without their knowledge. <\/strong>The app collected personal data from users even when the apps was not being used. People who downloaded the Tim Horton’s app had their movements tracked and recorded every few minutes of every day, even when their app was not open.<\/p>\r\n

Radar was able to use the information it collected in the app to identify personal location data. The app could identify a user\u2019s home, place of work<\/strong> and when they visited a competitor of Tim Horton’s. Reports<\/a> are the app noted when users entered a Starbucks, Second Cup, McDonald\u2019s, Pizza Pizza, A&W, KFC or Subway. The Tim Horton’s app was even able to figure out if users had been traveling. The app generated an \u201cevent\u201d every time users entered or left a Tim Horton\u2019s competitor, a major sports venue, or their home or workplace. Canadian Privacy Commissioner<\/a> Daniel Therrien said in a statement<\/p>\r\n

Tim Horton’s clearly crossed the line by amassing a huge amount of highly sensitive information about its customers<\/em><\/p>\r\n

What Happened to Tim’s?<\/h3>\r\n

\"delete<\/a>According to the report, Tim Horton’s collected granular location data for the purpose of targeted advertising and product promotions. Even though Tim’s never used the information for those purposes<\/strong>. The investigation also found that there were inadequate contractual protections for users’ personal data. Commissioner Therrien commented,<\/p>\r\n

T<\/em>he location tracking ecosystem, where details of our daily lives are treated as a commodity to be exploited to sell us products and services such as a cup of coffee, heightens the risk of mass surveillance<\/em><\/p>\r\n

Based on its findings, the OPC ordered Tim Horton\u2019s to delete the granular data it collected, and any further data derived from it and to order all third-party providers to do the same. Tim Horton’s has since complied. Additionally, the company agreed to create a privacy management program for the app and all future apps to prevent another privacy violation. The Office of the Privacy Commissioner noted<\/a>, there “is a real risk that de-identified geolocation data could be re-identified.<\/em>“<\/p>\r\n

Tim Horton’s has more than 5,100 stores in 13 countries. Most are in Canada, but there are more than 600 in the US, mostly in New York, Michigan, and Ohio.

rb-<\/em><\/strong><\/p>\r\n

Tim Horton’s was caught collecting illegitimate data via its app. It is a safe bet that many more apps are doing much the same with dubious consent. It is essential to always read through a user agreement before consenting. Both Apple and Android offer options on their phones to restrict how their apps track them. A step in the right direction.<\/em><\/p>\r\n

How you can help Ukraine!<\/a><\/strong><\/em><\/p>\r\n

Related article<\/strong><\/p>\r\n