Tim Hortons will stop tracking your location when you aren’t using their app
Faced with the lawsuit and privacy investigation, the company has decided to stop tracking location data when the app isn’t on – though they are still maintaining that they only ever did so from customers that had given that express permission. A Tim Hortons’ executive commented to The Financial Post:
“We recently updated the Tim Hortons app to limit the collection of location data to only while guests have our app open, even if a guest has selected ‘Always’ in their device settings.”
“No one had the expectation that this information was being collected and retained — the cell phone geolocation data. It’s absurd to think that people were consenting to that.”
Tim Hortons location slurping habit was discovered through investigative journalism
Tim Hortons location slurping habit was discovered by James McLeod of The Financial Post. McLeod publicized the information after requesting a copy of all the data Tim Hortons parent company had stored using his rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) request. He noted that the app started sending location information when the app wasn’t open in Spring of 2019. That coincides perfectly with when Tim Hortons started working with Radar Labs Inc. – an American company that specializes in tracking the users of apps that work with Radar Lab. Other notable companies that work with Radar Labs include Burger King.
In his data, McLeod found that Radar Labs was using the Tim Horton’s app’s location permissions to make a log of every time McLeod visited a potential competitor such as Starbucks. Other insights that McLeod was able to garner from the dump of data include the fact that Radar Labs used the location data to determine where his home was, and if he was there or traveling. In talking with Tim Hortons, McLeod was able to confirm that there are other third parties that get access to tracked data and insights and that Radar Labs holds onto the information for a whole year, as well.
Thanks to McLeod’s initial investigative piece for The Financial Post, Tim Hortons has now stopped the activity and will likely face consequences from the government and on the civil front. Still, this type of data harvesting is commonplace and likely still being used by other name brand restaurant apps. Most people don’t think twice about granting location data to a food delivery app; however, it’s important to know that doing so can lead to this type of situation. Now, both Android and iOS have ways for users to set more granular permissions and enforce that an app can only access location data while it is open. For the many users of such apps that don’t have these settings turned on, now is the time to check.