Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Designed’ App Tracked Users 24×7

Canadian coffee-and-doughnuts joint Tim Hortons has been politely rebuked by The Office of the Privacy Commissioner of Canada (OPC). Always fresh.

Timmies’ app kept tabs on your location—even when it wasn’t open, OPC says, collecting “vast amounts” of personal data. What’s worse, the Canuck company contracted with a location-services provider in a way that—at best—looks as shady as a keener snowbird in a toque.

But how big a deal is it, really? In today’s SB Blogwatch, we roll up the rim.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: HRH for 70 years.

You’ve Always Got Time for Privacy

What you sayin’, eh? Ismail Shakil reports—“Tim Hortons app tracked movement in violation of privacy laws”:

Poorly designed
Canadian coffee chain Tim Hortons’ mobile app regularly tracked and recorded locations of its users even when their app was not open … Canada’s privacy regulator said … concluding a two-year-old investigation. … OPC said [it] underscored harms that can result from “poorly designed technologies.”

The privacy authorities recommended that Tim Hortons delete any remaining location data. [The] company has agreed to the recommendations. … Tim Hortons said it had removed the geolocation technology from the Tims app and that location data from it was never used for personalized marketing for individual users.

Oh! Canada. Jim Bronskill adds—“App collected vast amounts of sensitive data”:

U.S. third-party location services supplier
People who downloaded the Tim Hortons app had their movements tracked and recorded every few minutes, even when the app was not open. [It] asked for permission [for] geolocation functions, but misled many users to believe information would be accessed only when the app was in use.

Tim Hortons collected “vast amounts” of granular location data with the aim of delivering targeted advertising … [but] it never actually used the data for this purpose. [It] used location data to infer where users lived, where they worked and whether they were travelling. It generated an “event” every time users entered or left a Tim Hortons competitor, a major sports venue or their home or workplace.

Tim Hortons’ contract with a U.S. third-party location services supplier contained language so “vague and permissive” that it would have allowed the company to sell … data for its own purposes.

Would you like a silver lining with that cloud? Kelly Conaboy sarcastically suggestifies thuswise—“How Tim Hortons Could Use Its Surveillance Software for Good”:

Please don’t be alarmed
If we’re to believe the chain, it was not using the information for anything at all. Surely they owe all users an apology. … Why not actually use this geolocation data to surprise users with a small coffee and maple donut whenever it seems like they really need one?

Maybe they’ve spent a late night at the office—which you know because you’ve tracked the moment they arrived and the moment they left. Maybe they’re running late for work—which you know because you know when they typically leave their house every morning. Maybe they’re going through a breakup—which you can tell because they haven’t, in quite some time, been to that other house they were at one point regularly visiting.

Beep-beep. Look who it is. Your friendly Tim Hortons spy — ha-ha! Please don’t be alarmed. He was simply able to tell you might need a maple donut and a coffee, based on the information nonconsensually collected from your phone. And isn’t that nice?

Meh, who cares? beloch doesn’t:

Tim Hortons is everywhere in Canada and they used to be decent. The current owners are subsisting on brand recognition and market inertia.

[But] Most people just don’t care enough about privacy issues. Tim Horton’s real problem is that they are becoming known for bad coffee, bad donuts, and bad food, while similarly ubiquitous chains, like McDonald’s, now have decent coffee and have added donuts to their menus. … Practically every truck-stop town that has a Tim Horton’s also has a McDonald’s very close by, so it really is just market inertia propping Tim Horton’s up at this point.

Ah, the power of branding. Miles_O’Toole puts it much more strongly:

There’s no doubt the location data they collected was monetized to the max, no matter what the owners now claim. Brazil-based Restaurant Brands International, the owners, are corporate scumbags.

There were worries that when they went up for sale, a lot of their support for charities and non-profits would go away. One of the reasons RBI was successful is that they promised to maintain all Timmy’s existing charitable work. What they didn’t mention is that they persuaded enough Tim Horton’s board members to dump most of the charities as a condition of sale.

I haven’t visited Timmy’s since, and I never will again.

Wait. Pause. How big a deal is this, really? David Johnson can’t quite believe it:

I can’t believe everyone is so amazed by this. Isn’t everything we have on our devices including the device itself tracking us? I mean every day someone brings Alexa into their home and they don’t think Amazon, its AI and algorithms aren’t listening to your every conversation?

The human race really has become stupid.

And neither can SeanC__:

I mean, I’ve just been assuming for years that any app I install is collecting as much information about me as it possibly can.

Why else would every company want me to install an app instead of just visiting the website? Why else would so many companies be offering discounts and freebies if you’ll just put this app on your phone?

But are they selling that data? You better believe it, says blorenz:

I recently attended an automotive dealership conference where I was being pitched for a product that would let me know if my customers were at rival dealerships. I poked and prodded to understand if these were legitimate claims or just marketing hype.

They revealed that they purchased location data from app developers. I was shocked and surprised—I don’t know why I was, because this should have been expected. It really enlightened me on the exploitation and misuse of data by *****y apps.

That’s jokes. Why would anyone install the app? leviathan brings anecdata:

I was traveling on the 401 and stopped … to grab a coffee. The line was extremely long and not moving at all, I had time to download the app, register, place an order, see it print out at the register and someone took it and made my coffee before the line even moved. I just quit the line, moved to the empty section where the mobile orders are and picked up the coffee as I was deleting the app.

And Finally:

The Queen’s Platinum Jubilee: What’s all the fuss about?



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Conor Samuel (via Unsplash; leveled and cropped)
