A joint investigation report has shown that Tim Hortons violated federal and provincial privacy law with its app’s location tracking. Tim Hortons is a multinational Canadian fast food restaurant chain based in Toronto.
The investigation found that Tim Hortons’ extensive collection of location information was “not proportional to the benefits it may have hoped to gain from better targeted promotion of its coffee and other products.”
Even after Tim Hortons withdrew plans to use the data for targeted advertising, it continues to collect the information until after the investigation was launched.
The joint investigation stated in June 2020 and was conducted by the Office of the Privacy Commissioner of Canada (OPC) in partnership with Canada’s three provincial private sector privacy authorities in Alberta, British Columbia and Quebec.
“Our investigation also found that Tim Hortons did not implement robust contractual safeguards to limit service providers use and disclosure of customers information. I recognize that the large number of third-party service providers involved in app development is a complicating factor, but this is not an excuse for limiting accountability. Alberta’s law says that you are responsible for what your service providers do on your behalf. And this includes ensuring that there are reasonable security and privacy measures in contracts,” said Jill Clayton, Information and Privacy Commissioner of Alberta.
The sources for this piece include an article in ITWorldCanada.