Tim Hortons Illegally Tracked You For A Year — Its Apology Sounds Like A Joke
If you're Canadian, you might be familiar with Tim Hortons. In fact, it might just be your go-to coffee and donuts joint — as opposed to, say, Dunkin' Donuts, which might be the closest stateside equivalent. Like many similar vendors, including Starbucks, which could also be considered a direct competitor, Tim Hortons offers its own rewards program via a mobile app.
On the official Tim Hortons website, you can find references to the aforementioned app, including various deals that you can earn. At first glance, it seems like the kind of thing that'd be attractive to regular customers, especially since Tim Hortons is a reasonably popular spot in Canada. Such deals include a loyalty program wherein you can obtain free drinks and snacks after earning a certain amount of points. However, the app may not be everything that it's cut out to be, according to a recent lawsuit settlement.
On June 1, several Canadian agencies jointly released a document detailing their findings after a formal investigation of the Tim Hortons mobile app, which revealed the app was doing just a bit more than offering deals for food. There's plenty of legal jargon in the document itself, but it can be broken down as such: Canada's government, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), discovered that the Tims app had been using the geofencing service Radar to illegally track user data — namely location data — across apps, even when the Tim Hortons app was closed. This had evidently been going on as far back as 2019. The investigation sprung up as a response to an article by the Financial Post on June 12, 2020, which claimed the Tim Hortons app was specifically tracking the author of the article in question.
The settlement was a cup of coffee and a donut, if you're lucky
As noted in paragraph 93 of the settlement above, Tim Hortons' operating and franchising company, The TDL Group Corp., agreed to delete all tracked user data that had been obtained illegally through the Tim Hortons app. Although, that may not be enough for those affected, especially those who value their privacy and security on the internet. What may be shocking is that the company essentially got off with little more than a slap on the wrist and a warning, and this is especially apparent if you read the fine print. TDL may have to pay nothing at all in terms of damages — if it manages to stay in alignment with PIPEDA over the course of a year. Some have taken notice of this and are actively holding Tim Hortons over the flames.
Others are apparently receiving emails from the Canadian coffee chain that promise free beverages and donuts to those who were affected. This is according to a user on RedFlagDeals, who cited an email from Tim Hortons promising little more than $6.70 worth of baked goods and coffee as an apology for the company's violation of privacy over nearly a year and a half. As would be expected, this didn't go unnoticed by the forum's other users, and the responses were appropriately caustic. The value of consumer data is higher than ever in the digital age, and it sounds like Tim Hortons would do well to pay attention to how companies like Google are tackling privacy issues.