Tim Hortons app collects user data without consent: Difference between revisions

← Older edit

VisualWikitext

@@ Line 1: / Line 1: @@
 {{Incomplete}}
+{{IncidentCargo
+|Company=Radar, Tim Hortons
+|StartDate=2019-05
+|EndDate=2020-08
+|Status=Resolved
+|ProductLine=
+|Product=Tim Hortons App
+|ArticleType=Service
+|Type=Data, Privacy
+|Description=
+}}
 ==Background==
 In June of 2022, reports in Canada went viral regarding the Tim Hortons Android app which was collecting personal information from users phones without consent. Tim Hortons used a third-party service, Radar, to collect geolocation data of users. it is alleged that they stopped this practice in August of 2020. One of the pieces of data reported back to the Tim Hortons servers included information about when a person with this app on their phone was visiting a competitor coffee shop.
@@ Line 7: / Line 16: @@
 ==Tim Hortons app tracked too much personal information without adequate consent (May 2019)==
-Starting in in May 2019 Tim Hortons released updated versions of its App so that it could, with assistance from a US third-party service provider (“Radar”), track and collect the location of Users’ devices. <ref name=":0">{{Cite web |title=Joint investigation into location tracking by the Tim Hortons App |url=https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ |access-date=September 28, 2025 |website=Commissariat à la protection de la vie privée}}</ref>
+Starting in in May 2019 Tim Hortons released updated versions of its App so that it could, with assistance from a US third-party service provider (“Radar”), track and collect the location of Users’ devices. <ref name=":0">{{Cite web |title=Joint investigation into location tracking by the Tim Hortons App |url=https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ |access-date=September 28, 2025 |website=Commissariat à la protection de la vie privée |archive-url=http://web.archive.org/web/20251009200547/https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ |archive-date=9 Oct 2025}}</ref>
 In August 2020, subsequent to notification of investigation by the Office of the Privacy Commissioner of Canada, Tim Hortons permanently ceased collecting granular location data, via the App, for purposes of targeted advertising.<ref name=":0" />
@@ Line 23: / Line 32: @@
 *The contractual protections Tim Hortons implemented to protect Users’ personal information while being processed by a third-party service provider.<ref name=":0" />
-*Accountability, and Tim Hortons’ apparent failure to implement policies and practices to ensure compliance with the Acts.<ref>{{Cite web |title=Joint investigation into location tracking by the Tim Hortons App |url=https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ |access-date=September 28, 2025 |website=Commissariat à la protection de la vie privée}}</ref>
+*Accountability, and Tim Hortons’ apparent failure to implement policies and practices to ensure compliance with the Acts.<ref>{{Cite web |title=Joint investigation into location tracking by the Tim Hortons App |url=https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ |access-date=September 28, 2025 |website=Commissariat à la protection de la vie privée |archive-url=http://web.archive.org/web/20251009200547/https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2022/pipeda-2022-001/ |archive-date=9 Oct 2025}}</ref>
 ==Tim Hortons' response post investigation==
@@ Line 39: / Line 48: @@
 *https://uwaterloo.ca/cybersecurity-privacy-institute/news/tim-hortons-app-violated-privacy-laws-after-collecting
 ==References==
+{{Reflist}}
-<references />
+[[Category:Tim Hortons]]
+[[Category:2019 incidents]]
+[[Category:2022 incidents]]