Tim Hortons' mobile app violated privacy laws by collecting "large amounts" of sensitive geolocation data, according to Canada's Privacy Commissioner Daniel Therrien.
This is the conclusion of a joint investigation by federal and provincial privacy commissioners, made public on Wednesday.
Thus, people who had downloaded the application before the start of the survey, i.e. in 2020, had their movements tracked and recorded every few minutes even when their application was not open, which contravenes the laws. Canada on the protection of personal information.
The application used geolocation data to deduce where users lived and worked, in addition to establishing if they were on the move. It generated a mention whenever users entered or exited businesses competing with Tim Hortons. The same alert was issued each time a user entered a place where sporting events were held, their residence and their place of work.
“Tim Hortons has gone way too far in amassing a huge amount of very sensitive information about its customers. This case once again reveals the harm that technologies that are poorly designed can cause. It also highlights the need for strong laws to protect the personal information of Canadians,” Daniel Therrien, Privacy Commissioner of Canada, said in a statement.
The company stopped tracking this data after the investigation began. The legislative consequences for this kind of action are likely to be minimal, since nothing is provided for in the Privacy Act of Canada and in the laws protecting personal information.
“Without proper due diligence, Tim Hortons collected sensitive customer information through its app, without their proper knowledge or consent. It is to put an end to this type of practice that Quebec has reviewed its legislation protecting personal information in order to give more powers to the Commission and to make businesses more accountable," declared Me Diane Poitras, President of the Commission d'accès à l'information du Québec.
Thus, from September 2023, “significant penalties are provided for companies that do not adopt responsible, transparent and legal practices,” said Ms. Poitras.
