A joint investigation by four Canadian federal and provincial privacy authorities determined fast food restaurant chain Tim Hortons' application tracked and recorded users’ movements every few minutes daily, even when it was closed. Authorities said the app collected a “continual” and “vast” amount of location information — including where users lived, worked and traveled — while leading users to believe data was collected only when the app was in use. Tim Hortons agreed to implement recommendations that it delete remaining location data held by the company or third-party providers, establish a privacy management program and report compliance steps.
Privacy authorities find Tim Hortons app collected ‘continual,’ ‘vast’ location data
Related stories
Notes from the IAPP Canada: The intersection of crowdsourced rating sites and privacy
Notes from the Asia-Pacific region: Australia eSafety Commissioner launches social media age restrictions hub
EU Data operational impacts: The Data Act's interplay within the EU digital rulebook
Notes from the IAPP Europe: A focus on the Digital Networks Act
The 2025 Brazilian DPO: Navigating high risks with limited runways
