Invasion of Privacy, Anomaly or New Ethical Abnormal Norm?

Recent events threw into stark relief companies’ abilities to invade your privacy with a few lines of code—and outcomes that raise our eyebrows.

Tim Hortons Tracked Users 24×7

In the case of Tim Hortons of Canada, the company ran afoul of the Canadian privacy authorities at both the national and regional levels. On June 2, 2022, the multi-year investigation into Tim Hortons concluded.

The Tim Hortons app included some special features which, allegedly, the company failed to disclose. Chiefly, that the app was following users’ movements and actions and collecting that data without their informed consent. Canadian Privacy Commissioner Daniel Therrien put it this way: “Tim Hortons crossed the line by amassing a huge amount of highly sensitive information about its customers. Following people’s movements, every few minutes of every day, was an inappropriate form of surveillance.”

The Tim Hortons app integrated a tracking system from a U.S. third-party provider, Radar. While the app obtained user “opt-in” for location tracking, users were not aware that Radar collected and processed their location every few minutes with the intent to:

  • Infer the location of a user’s home and place of work and when they were traveling; and
  • Identify when the user was visiting a Tim Hortons competitor.

The Commissioner’s office determined Tim Hortons did not have a “legitimate need to collect vast amounts of sensitive location information where it never used that information for the stated purpose.” They added that the “vast majority of [the data] which was collected when the app was not in use, represented a loss of users’ privacy.”

Tim Hortons was admonished and, as of August 2020, has “permanently ceased collecting granular location data, via the App, for purposes of targeted advertising.” In addition, the company has agreed to:

  • Delete all the granular location data in question as well as data derived therefrom, and have its third-party service providers do the same, within one month after legal impediments (in the form of a litigation hold) have been lifted; and
  • Establish, and thereafter maintain, a privacy management program concerning the app and any other apps that TDL launches in the future, to ensure compliance with the acts.

Tesla Listened In

Recently, MSNBC reported that Tesla had used “social listening” selectively to gather insight into employees’ efforts to unionize and into the discussion surrounding sexual harassment claims at the company. According to MSNBC, Tesla asked MWW PR, a public relations firm it had retained, to conduct the social listening; MSNBC established that the listening had taken place by reviewing invoices that described the PR firm’s work.

The listening included reporting on what transpired in a Facebook group and, more broadly, across the social media landscape, with special interest in any references to “labor practices”. Tesla’s CEO has made his disdain for organized labor clear: in early March 2022 he dared the United Auto Workers union to try to unionize Tesla. The company had also faced backlash for scheduling a “health and wellness” session on essential oils tied to International Women’s Day, just days after AJ Vandermeyden accused the company of sexual harassment and discrimination in a 2017 lawsuit.

MWW PR characterized its services this way: “MWW consulted with Tesla in 2017-2018 on a broad employee communications engagement during a period of rapid growth at the Company. It is a common practice to review media coverage and public social conversation about a company to gain insights into issues and perceptions of stakeholders about the brand.”

In the MSNBC piece, Jennifer M. Grygiel, a Syracuse University associate professor whose research focuses on propaganda and social media, offered these thoughts on the ‘common practice’ characterization: “Any organization can engage in ‘social listening,’ using publicly available social media data to gain insights for product development, or to understand voters, public and employee sentiment and more. But there are laws in the U.S. that protect the rights of people to organize. If you’re a PR firm, or a manager who has to infiltrate a semi-private group? That’s dishonest. And I doubt Tesla would send a PR firm to figure out how to support workers involved in organizing.”

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.
