No offers found
TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here’s why you can trust us
By published 2 June 22
Tim Hortons app tracked users even when it was off
The mobile app of coffee chain Tim Hortons was found to have been tracking people even when it’s off, despite “misleading” the users to think otherwise. It was gathering user data, including their movement, places of living, as well as places of work.
After a thorough investigation by state and provincial authorities, the iconic Canadian brand was found to be breaking the law on mobile tracking and data harvesting.
What’s more, the app generated an ‘event’ every time the user would enter a competitor’s premises, a major sports venue, their home, or their office.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
The initial investigation into Tim Hortons was launched two years ago, and that’s when the company decided to pull the plug on its data harvesting program.
However, it kept a contract with an American third-party location services supplier whose language was “so vague and permissive” that it would have allowed it to sell de-identified location data (opens in new tab), The Office of the Privacy Commissioner of Canada said in a press release (opens in new tab).
The company also said its use of aggregated location data was “limited” to spotting trends, such as whether users switched to other coffee chains, or how the pandemic affected their coffee buying habits.
> Users warned of Microsoft data harvesting (opens in new tab)
> Facebook sues analytics firm over alleged data harvesting (opens in new tab)
The press release further stated that the app “continued to collect vast amounts of location data for a year after shelving plans to use it for targeted advertising, even though it had no legitimate need to do so.”
The company behind the app was ordered to delete all remaining location data, as well as to force third-party providers to do the same. It was also ordered to establish and maintain a privacy management program, and report back to the authorities detailing how it plans on staying compliant with the rules and regulations on data privacy.
No financial penalty, though, but the company said it would carry out the orders.
Via: Bloomberg (opens in new tab)
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Thank you for signing up to TechRadar. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.
TechRadar is part of Future plc, an international media group and leading digital publisher. Visit our corporate site (opens in new tab).
© Future Publishing Limited Quay House, The Ambury, Bath BA1 1UA. All rights reserved. England and Wales company registration number 2008885.