Thursday, June 2, 2022

Tim Hortons mobile app illegally tracked users

The mobile app of coffee chain Tim Hortons was found to have been tracking people even when it’s off, despite “misleading” the users to think otherwise. It was gathering user data, including their movement, places of living, as well as places of work. 

After a thorough investigation by state and provincial authorities, the iconic Canadian brand was found to be breaking the law on mobile tracking and data harvesting.

What’s more, the app generated an ‘event’ every time the user would enter a competitor’s premises, a major sports venue, their home, or their office.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Vague language

The initial investigation into Tim Hortons was launched two years ago, and that’s when the company decided to pull the plug on its data harvesting program.

However, it kept a contract with an American third-party location services supplier whose language was “so vague and permissive” that it would have allowed it to sell de-identified location data, The Office of the Privacy Commissioner of Canada said in a press release

The company also said its use of aggregated location data was “limited” to spotting trends, such as whether users switched to other coffee chains, or how the pandemic affected their coffee buying habits. 

The press release further stated that the app “continued to collect vast amounts of location data for a year after shelving plans to use it for targeted advertising, even though it had no legitimate need to do so.”

The company behind the app was ordered to delete all remaining location data, as well as to force third-party providers to do the same. It was also ordered to establish and maintain a privacy management program, and report back to the authorities detailing how it plans on staying compliant with the rules and regulations on data privacy. 

No financial penalty, though, but the company said it would carry out the orders.

Via: Bloomberg



from TechRadar - All the latest technology news https://ift.tt/QtLIsA4

No comments:

Post a Comment

I tried bringing my memories to life with AI and found it works better with dogs than with human hands

MyHeritage gained a lot of attention for turning old photos into videos with its Deep Nostalgia technology in 2024, and they're also th...