One way to find out how deep the Tim Hortons are in Canadian fabric is to do cross-border comparisons. If McDonald’s, perhaps its closest analogue in the United States, wanted to achieve the per capita reach in that market as Tim Hortons boasts in Canada, it would have to more than triple that 13,000 won American store.
Despite being foreign owned since 2014, Tim Hortons is still waving the Canadian flag as vigorously as possible. But last week, a harsh report by the federal privacy commissioner and three of his provincial counterparts detailed how Tim Hortons ignored a series of laws to spy on Canadians, creating “a mass invasion of privacy rights for Canadians.” Canadian”.
“As a society, we won’t accept that if the government wants to track our movements every few minutes a day,” the federal privacy commissioner, Daniel Therrien, said during the call. its last official press conference. “It is unacceptable that private companies think so little about our privacy and freedom that they can initiate these activities without giving it a little more thought.”
According to the report, the vector for Tim Hortons’ large-scale snooping is its mobile phone app, which was downloaded 10 million times in the three years after it was introduced in 2017. The app initially featured features Typical retail functions involve payments, loyalty points, and ordering.
But privacy commissioners noticed that in 2019, Tim Hortons slipped a new feature. With the help of Radar, a positioning software company based in the United States, it turned the GPS system in a customer’s phone into a corporate tracker. Of course, many apps ask users to allow GPS access on their phone while they’re actively using the app for potentially useful features like locating nearby stores, banks, or restaurants. best.
However, the Tim Hortons app goes beyond that, tracking users around the clock anywhere in the world – even when the app is closed. It not only records their geographical location, but also whether that location is a home, factory or office and even, in many cases, the name of the building they are in. According to the report, it was even recorded whether they were a coffee shop competitor. Continuous tracking takes place even though users are informed that they will only be tracked while using the app.
Initially, the report suggests, Tim Hortons intended that the system would track individuals to send them specific promotions, such as coupons for a Tim Hortons stand, such as at an arena for a hockey match. It dropped plans to monitor individuals but used the data, in aggregate form, to look for patterns and changes in where and when Canadians choose their couple.
The report goes on to detail a range of other flaws, such as inadequate protection of the data the app is collecting and flaws in privacy statements.
The tracking system only shut down in June 2020 after a joint privacy investigation began. It was prompted by an article in The National Post by James McLeod, who discovered that the app continuously recorded his whereabouts, even when he was abroad on vacation.
When the report was released, Mr. Therrien and other privacy commissioners made it clear that Tim Hortons had violated Canadians’ privacy to an unusual degree.
“Location data is extremely sensitive because it paints a detailed and revealing picture of our lives,” he said, adding that “the risks associated with the collection and use of Location information usage remains high, even when ‘undefined’, as it can often be re-determined with relative ease. “
While there are several class-action lawsuits against Tim Hortons underway, the company has not been fined or penalized under federal or provincial privacy laws.
The app is still available for download on both iPhones and Android phones. (I asked Apple and Google if the tracking software violated their app store policies or if they took any action against Tim Hortons. Neither company contacted me back.) .
In an email, Tim Hortons said that it has begun its own privacy review in 2020 and is implementing all of the recommendations in the privacy committee’s report.
“We have strengthened our internal team to advance privacy best practices, and we continue to focus on ensuring that guests can make informed decisions,” the company said. about their data when using our app.”
Mr. Therrien and outside experts have long argued that Canada’s privacy laws, or the system that enforces them, are in need of substantial revision. It took a journalist to discover what Tim Hortons was doing, the official investigation lasted nearly two years and in the end, there was no penalty. Only Quebec’s privacy office currently has the power to impose fines, but the maximum fine it can impose on Tim Hortons, the company’s parent company with $2 billion in revenue in 2020, is 10,000 Canadian dollars.
“The law has no teeth,” said Jill Clayton, Alberta’s information and privacy commissioner.
Mr Therrien says the Tim Hortons case is not an isolated example – it is just one that has been exposed.
“It is clear that what happened at Tim Hortons is happening elsewhere in the crawl ecosystem as well,” he said. “Are there enough safeguards? Obviously not.”
A native of Windsor, Ontario, Ian Austen was educated in Toronto, lives in Ottawa and has covered Canada for The New York Times for the past 16 years. Follow him on Twitter at @ianrausten.
How are we doing?
We’d love to hear your thoughts on this newsletter and events in Canada in general. Please send them to [email protected].
Liked this email?
Forward it to your friends and let them know they can sign up here.