A joint investigation by four Canadian federal and provincial privacy authorities determined fast food restaurant chain Tim Hortons' application tracked and recorded users’ movements every few minutes daily, even when it was closed. Authorities said the app collected a “continual” and “vast” amount of location information — including where users lived, worked and traveled — while leading users to believe data was collected only when the app was in use. Tim Hortons agreed to implement recommendations that it delete remaining location data held by the company or third-party providers, establish a privacy management program and report compliance steps.
Privacy authorities find Tim Hortons app collected ‘continual,’ ‘vast’ location data
Related stories
Notes from the IAPP Canada: New government PIA standard takes effect mid-October
A case study in privacy operations: The Maryland SPI rule
10 tips to prepare for the EU Cyber Resilience Act
A view from Brussels: State of the (European) Union
US senator aims to advance US AI leadership with sandbox, federal regulatory exemptions
