People have become so accustomed to having their personal data hoovered up by corporate entities that it has stopped being a surprise when companies like Facebook reveal they’ve been treating us like wildlife tagged with GPS locators. The thing is, not every company makes its living from data brokerage, and so when a reporter for the Financial Post discovered that the Canadian doughnut company Tim Hortons had been tracking his every move, the discovery raised some eyebrows.
So first, yes, the terms of service for the Tim Hortons app did indeed specify that users had the option of disabling GPS tracking. The problem is that the app did not specify that it would continue to track location data even when the app wasn’t open. When reporter James McLeod suspected something was amiss and requested his data using Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) he was surprised to learn that the Tim Hortons app had recorded his location (as measured using latitude and longitude coordinates) over 2,700 times during a period of roughly five months, day and night, and particularly when the Tim Hortons app suspected he was visiting one of the company’s competitors.
McLeod seems to have uncovered something that Timmy’s truly didn’t want people to know about. After the Financial Post broke the story, Tim Hortons changed their privacy statement to more clearly specify that, depending on your device, you might not actually be able to turn the tracking off. And, according to Bloomberg, the news of the tracking was serious enough to trigger an investigation by the Office of the Privacy Commissioner of Canada. This investigation, which is ongoing, may also investigate the privacy procedures of Burger King and Popeyes Louisiana Kitchen, both of which are owned by Restaurant Brands International Inc., the same company that owns Tim Hortons.