‘Tim Hortons’ Under Probe Following App Data Collection Revelations

Last updated June 28, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The ‘Tim Hortons’ app was reportedly collecting troves of data about its users, violating the privacy rights of millions of people, and so investigators have launched a probe now. This was going on discretely for an extended period, as first discovered and reported by Financial Post last month. Reportedly, Tim Hortons app was recording the GPS data of the devices it’s installed on, even hours after the user last used the app. The privacy policy of the app only mentioned that location data is active for as long as the app is actively used, but this didn’t apply in reality.

Tim Hortons, which is a coffee and fast-food chain active in 15 countries, including Canada, was logging very detailed data about its users. Each entry contained the IP address, the Android Advertising ID, carrier data, Bluetooth status, and the geographical location coordinates. After an update in May 2019, Tim Hortons received “radar” data, which enabled the firm to get live updates about whether one of the users is visiting a competitor’s location. The journalist who conducted the investigation, James McLeod, confirmed that all of this was going on in Canada, but the app continued to track him when he traveled to Amsterdam.

All of these revelations forced four Canadian privacy commissioners to launch a joint investigation into Tim Hortons. Even though the app has already stripped the tracking functionality in its latest versions, the violations that already took place cannot be retracted. A representative of Tim Hortons stated that they are ready to cooperate with the authorities and provide all evidence that is required to prove that they did nothing wrong or illegal. In fact, the spokesperson said that the app always allowed the users to switch off the location data sharing. Moreover, the person explained that the only reason they collected GPS data is to analyze the routes that users have to follow to reach the nearest restaurant.

And for the icing on the cake, Tim Hortons is now facing a class-action lawsuit in Quebec, Canada, filed by consumer protection organizations in the area. The lawsuit is asking the court to consider awarding punitive damages of $100 per user per violation of the applicable laws. According to comments made by experts in the legal field, the Quebec Charter of Rights and Freedoms makes the case pretty straight-forward, so the prospects of getting away with the controversial data-collection practices aren’t good for the coffee company. This happened to even bigger companies, as Google also faced a class-action suit for 'Incognito' tracking on Chrome.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: