October 1, 2022
One of Canada's most popular fast-food chains was caught eating up data from its app's users.

One of Canada’s most popular fast-food chains was caught eating up data from its app’s users.

The Canadian donut and coffee chain Tim Hortons violated Canadian privacy laws by tracking users’ location data without proper consent or regulation, according to an investigation from Canadian privacy officials.


“Our joint investigation tells yet another troubling story of a company that failed to ensure proper design of an intrusive technology, resulting in a mass invasion of Canadians’ privacy,” Canadian Privacy Commissioner Daniel Therrien said at a Wednesday press conference. “It also highlights the very real risks related to location data and the tracking of individuals.”

The app tracked users when their app was not open, according to the investigation.

“[Tim Hortons] says it never used this data for its intended purpose of marketing to individuals, only to analyze general consumer trends,” Therrien noted. However, the company failed to adopt “an appropriate privacy management program and associated risk assessments,” including contractual measures that would prevent Tim Hortons locations in the United States from accessing that collected data.

This user data included information on where users lived, worked, and select “events” of relevance to the company, such as entering or exiting a Tim Hortons or attending a major sports venue.

“As a society, we would not accept it if the government wanted to track our movements every few minutes of every day,” Therrien emphasized. “It is equally unacceptable that private companies think so little of our privacy and freedom that they can initiate these activities without giving it more than a moment’s thought.”

While Tim Hortons ended its data collection practices in 2020, the investigators recommended that the restaurant chain delete any remaining location data it may have saved, establish better business practices for managing data and information collection, and report the details to Canadian authorities. Tim Hortons agreed to implement the recommendations.

The investigation originated from a reporter from the Financial Post claiming in 2020 that the Tim Hortons app had recorded his GPS location 2,700 times over five months.


The chain’s owner, Restaurant Brands International, is also facing four class-action lawsuits concerning its app. The lawsuits, filed after the Financial Post article on the app’s GPS tracking, will be influenced by the findings of the privacy commissioners, according to CBC.

The Office of the Privacy Commissioner of Canada did not reply to requests for comment from the Washington Examiner.

Leave a Reply