Canada Privacy

Tim Hortons App Violated Laws In Collection of 'Vast Amounts' of Location Data (www.cbc.ca) 117

An anonymous reader quotes a report from CBC News: The federal privacy commissioner's investigation into the Tim Hortons mobile app found that the app unnecessarily collected extensive amounts of data without obtaining adequate consent from users. The commissioner's report, which was published Wednesday morning, states that Tim Hortons collected granular location data for the purpose of targeted advertising and the promotion of its products but that the company never used the data for those purposes. "The consequences associated with the App's collection of that data, the vast majority of which was collected when the App was not in use, represented a loss of Users' privacy that was not proportional to the potential benefits Tim Hortons may have hoped to gain from improved targeted promotion of its coffee and associated products," the report read.

The joint investigation was launched about two years ago by the Office of the Privacy Commissioner of Canada in conjunction with similar authorities in British Columbia, Quebec and Alberta. It came after reporting from the Financial Post found that the Tim Hortons app tracked users' geolocation while users were not using the app. According to a presentation to investors shared in May, the restaurant chain's app has four million active users.

Tim Hortons was using a third-party service provider, Radar, to collect geolocation data of users. In August 2020, Tim Hortons stopped collecting location data. However, the investigation found that there was a lack of contractual protections for users' personal information while being processed by Radar. The report describes the language in the contractual clauses to be "vague and permissive," which could have allowed Radar to use the personal information collected in aggregated or de-identified form for its own business. [...] The report states that Tim Hortons also agreed to delete all granular location data and to have third-party service providers do so as well, as per recommendations from the privacy authorities. The company also agreed to establish a privacy management program for its app and all future apps to ensure they are compliant with federal and provincial privacy legislation. Given these remedies, the report found that while the Tim Hortons app was not compliant with privacy laws, the company has since taken measures to resolve the issues.
"We've strengthened our internal team that's dedicated to enhancing best practices when it comes to privacy and we're continuing to focus on ensuring that guests can make informed decisions about their data when using our app," a statement from Tim Hortons released on Wednesday said.

  • by thesjaakspoiler ( 4782965 ) on Wednesday June 01, 2022 @11:39PM (#62585464)

    nobody reads those anyway when they crave for a coffee.

    • by Z00L00K ( 682162 )

      As well as that being insightful I think that the companies collecting data won't really care because they still have the data and have already sold it to a number of companies down the line.

      Now what I'd like to see would be that any media that has touched data that's considered illegal has to be wiped clean (Hillary Clinton would know). And that should include media downstream from the collector as well.

      • by jd ( 1658 )

        There is no evidence Clinton did wrong. If the server was B3 or better, it would be a valid departmental server.

        • There is no evidence Clinton did wrong.

          There is circumstantial evidence that Clinton's team destroyed evidence by mass deleting email from the server before handing it over, and she started using a private server on advice from Colin Powell specifically on avoiding discovery. Saying there is no evidence that Clinton did wrong is false.

          • Yeah, not great. But for what it's worth... and as per usual... whatever Trump complains about is just him telling on himself. Pretty much everyone in his orbit was doing the same thing. https://www.washingtonpost.com... [washingtonpost.com] https://www.nytimes.com/2019/0... [nytimes.com] Since we're throwing stones and all.
            • Yeah, not great. But for what it's worth... and as per usual... whatever Trump complains about is just him telling on himself. Pretty much everyone in his orbit was doing the same thing.

              If asked if I think Trump is a criminal fuckbag I will always say yes. But if asked if I think the Clintons are criminal fuckbags I will also say yes.

              FWIW I do think [any] Trump is worse than [any] Clinton in basically every way. I'm just not a fan of either crime family.

          • by jd ( 1658 )

            Circumstantial evidence based on friend of a friend allegations. FoaF arguments never get far on Slashdot, you need more. If you can show that the server did not meet the minimum specifications for one that carried classified material, you'd have an argument. If you can show that the communications link did not meet the sort of standards imposed on secure telephonic systems or the minimum requirements for traffic on the classified networks, then you'd also have an argument.

            Even Trump, the DoJ and the FBI co

  • Well that's not very nice, Eh?

  • Assume apps are tracking and siphoning unnecessary amounts of data in exchange for unnecessary amounts of ads in the form of unnecessary push notifications.

    The good news is that companies have gotten so stingy with regards to the incentives they provide, that not-installing the apps is almost always preferable to doing so.

    • by esev ( 77914 )

      For Tim's and other retail / service / food businesses, I believe the only reason they're offering an app is to extract data from the phone that a web page cannot normally access. I tend to avoid apps and use browser web page shortcut icons instead.

      • I believe the only reason they're offering an app is to extract data from the phone that a web page cannot normally access.

        Corporations want information to be free when it's not their information.
        There are some very useful laws/regulations that could exist these days that don't exist and would be hard to get passed.
        1. Data brokers aren't required to track where they get or where they give each user's personal data to/from.
        2. Companies that collect data to monetize aren't required to provide options to pay to opt out of the sale of that user's data. A price that must be near the actual market value for that user's data.
        3. Dat

  • by Miles_O'Toole ( 5152533 ) on Thursday June 02, 2022 @12:32AM (#62585564)

    There's no doubt the location data they collected was monetized to the max, no matter what the owners now claim. Brazil-based Restaurant Brands International, the owners, are corporate scumbags. Tim Horton's was an absolutely stellar corporate citizen as far as charities went. There were worries that when they went up for sale, a lot of their support for charities and non-profits would go away. One of the reasons RBI was successful is that they promised to maintain all Timmy's existing charitable work. What they didn't mention is that they persuaded enough Tim Horton's board members to dump most of the charities as a condition of sale. No doubt a lot of pockets were lined with gold. Then, of course, Restaurant Brands International proudly proclaimed that they'd kept their promise.

    I haven't visited Timmy's since, and I never will again.

  • by thegarbz ( 1787294 ) on Thursday June 02, 2022 @02:06AM (#62585714)

    For those of you (like me) who thought it was a person, were very confused, and even more pissed off at the useless editors who can't do the most basic form of editing and think that everyone straight away knows what they are talking about.

    • by tlhIngan ( 30335 )

      For those of you (like me) who thought it was a person, were very confused, and even more pissed off at the useless editors who can't do the most basic form of editing and think that everyone straight away knows what they are talking about.

      Well, it's technically "Tim Horton's", named after the hockey player (of course) who co-founded the restaurant.

      And, no, I don't eat there. I think the US equivalent would be Dunkin' (as it's now called). Crap coffee, crap doughnuts, crap all around.

      The problem is it's so

    • Over here in Europe we have standards and neither Tim Hortons nor any other self service fast food joint meets the commonly accepted standard for something to be described as a "restaurant".

    • by brunes69 ( 86786 )

      The story is flagged with Canada.

      There is not a Canadian in existence that does not know what Tim Horton's is.

      • I visited Slashdot.org, not Slashdot.ca. I visited a nerd news site, not a food review site.

        Above all I visited a site with editors. An editor's job is normally to ensure text in a summary is clear and understandable. But here we are, an international site doesn't explain what Tim Hortons is, but proceeds to run countless tech articles with content such as "the IP address (a unique address assigned to computers on a network)".

        It shouldn't matter where the story is, where it's flagged, or who it's targeted at

  • It is quite sad the amount of corporate surveillance that occurs around the globe. Such a grey area they just do as they please, hope they do not get caught and if they do just plead ignorant. If it were a government we would hold them accountable, however these are basically untouchable by regular people. Then ask yourself what would happen to these services and the Google, MS, Amazon, Facebook etc if the government put the brakes on these companies. They would just threaten to leave and we would have i
  • Tim Horton's makes Starbucks seem good by comparison. Starbucks make mediocre coffee & overcharge horribly for it. I guess north Americans just don't care about the quality of their coffee.
    • Tim Horton's makes Starbucks seem good by comparison. Starbucks make mediocre coffee & overcharge horribly for it. I guess north Americans just don't care about the quality of their coffee.

      Starbucks is overpriced when looked at for a simple cup of coffee/milk/sugar, and I concur that even their 'light' roast seems burnt to me.

      However, the pricing of Starbucks is for it to include an hour or two of sitting down in the building and doing stuff. Whether it's a job interview, a first date, getting a class assignment done, or making a business deal...I've done all of those things at Starbucks, while trying to do those things at a Dunkin' Donuts, a 7-Eleven, or a Wawa seems almost comical.

      Starbucks

      • Re: " a simple cup of coffee/milk/sugar" - Presumably, you mean that abomination that Americans call "drip" coffee.

        And meetings in a café? Who the fuck goes to a café to have meetings? It's where you go to hang out with your family, friends, colleagues, & members of your community to talk, socialise, relax, spend quality time with each other & watch the world go by. It's no wonder America has a mental health crisis.
  • Timmy's has disappointed me for decades - why should they change now? They've just discovered new ways to disappoint me.
  • but that the company never used the data for those purposes.

    Which isn't to say they didn't use the data for other purposes, like outright selling it

  • Home -> Tim Horton -> Beer Store -> Hospital (It's free, eh?) -> Home (hockey game starts shortly)

    Lather, rinse, repeat!

  • We have laughable privacy laws in Canada, that don't protect much of anything. Stunts like this make people assume the government cares, but it's just a smoke show, and a lot of hand waving for nothing. If Canada wants to take "personal privacy" seriously, here's a minimal game plan:

    1. Put a total restriction on any analytic data grab, that is not required for the base functionality of X. This means you can't use services like Google Analytic, or even look up the IP from a user, unless looking up that IP
  • when they stopped selling day old doughnut bags for $5

  • Canada's favourite zombie brand of mobile hot milkshake dispensary owned by a Brazilian hedge fund 3G capital. Been a long time since the pies smelled like cigarettes.
  • I still have a Tim Hortons reward card, which is what they offered prior to introducing the app. It has minimal rewards – after a certain number of purchases, I get a free coffee.

    Ironically, a few days before this story came out, I used my card in one of their stores and it subsequently triggered an invitation by email to complete a Tims Rewards survey. Many of the questions were geared around the app and why I wasn't using the app, to which I cited privacy concerns – the kind of which were just
