Tim Hortons Illegally Collected Location Data, Promises it Won’t Happen Again
Mobile apps can be convenient, which is why there are millions of them available for both Android and iOS. It’s common for some apps to request location access, but they can abuse the permission. Such was the case with the official app for Canadian coffee chain Tim Hortons. Canadian investigators have determined that the company misled its customers and collected a huge volume of location data that revealed where people went, even when they weren’t using the app, according to Ars Technica.
According to the Office of the Privacy Commissioner, Tim Hortons originally intended to use its mobile app for targeted ads and promotions, which would rely on location data. It scrapped those plans, but the app was still recording customer movements. The app would ping the user’s location whenever they got near a Tim Hortons location, their home, work, or a sports venue. It used that data for market research, revealing when people switched to different chains and how they changed their behaviors during the pandemic.
A report in 2020 tipped government regulators to the scheme. In fairness to Hortons, once it was pointed out that maybe it was a bad idea to track all its customers all the time, it updated the Android and iOS apps to remove background tracking. The Office of the Privacy Commissioner also noted that the company’s agreements with third-party data brokers could allow anonymized data to be re-identified.
The outcome of the investigation is probably not what privacy advocates wanted. While Time Horton’s has agreed to delete all the location data it collected and direct third-party service providers to do the same, it won’t face any additional punishment or fines. Regulators say the issue is now “conditionally resolved,” pending follow ups from Tim Hortons to prove it has complied with the law.
Apps running on your phone have access to much more personal data than, for example, a mobile webpage would. That’s why everyone seems to want you to install their app. Without any punitive measures, companies have no incentive to be courteous with your privacy. The good news is that it’s harder for another app to pull the same stunt as Tim Hortons. Both iOS and Android now detect when an app has been using your location in the background and will give you the chance to disable it. You can avoid the problem entirely by only granting location access to apps you trust.