For any non-Canadian, Tim Hortons is a mostly intranational coffee and fast food franchise. To anyone familiar with Dunkin Donuts in the US, it’s the Canadian equivalent of that. They used to be okay many years ago but went downhill after being acquired by Burger King. There’s too many things wrong about this incident, I actually struggled how to word it logically into an article. It wass also hard to write this without putting any profanity in, hopefully you’ll understand why after reading.
In mid 2020, Tim Hortons was caught tracking users of its mobile app. They started collecting location data in March of 2019. The company was investigated by the federal government and class action lawsuits followed. From start to finish, the story of this spectacle is a hysterical disaster.
Scandal Context
Tim Hortons, like most large fast food franchises, has a mobile app where you can submit orders and accrue points for free products. That app was caught tracking user location data in the background extremely often. And I really mean, extremely often. We’re talking about Facebook and Google levels of tracking.
What the app tracked
One user of the app, who is also a journalist, posted an article of him discovering what the app did. It’s a good and horrifying article, you should read it even if you have no ties to Tim Hortons. The journalist’s location was tracked over 2700 times in a span of 5 months. The app tracked entry and exit location data of the following, with timestamps too:
- Home addresses
- Place of work
- When entering competing stores, such as Starbucks
- Travel location
- Miscellaneous data
You could easily deduce key information of a person’s life with this much data. The miscellaneous data is really whenever the app decided to phone home. For instance, some of the coordinates tracked were sent when the journalist was at a baseball game. Just think about those numbers. Assuming the app evenly pinged location data, that’s about once every hour.
The app claimed to only track location data while in use, which has clearly been violated. Tim Hortons claimed to not have done anything with the data, and the intent was for targeted advertisements. The company must have been playing 4D chess in order to deliver ads by gathering when someone enters a McCafe. The data was also collected by a third party company, and who knows what they could have done with that much location data.
Even the people most numb to privacy and tracking should be frightened by this level of surveillance. You can easily use this data to perform malicious activities; home robbery, spear phishing attacks, or even straightup assassinations. For more of this objective data, I recommend reading the dementia-inducing report. It’s the official investigation report filled with jargon from the government of Canada. Reading the overview should provide enough information to show the horrible events that took place.
Sadly, the journalist of the article still uses the app. Some time has passed since the scandal, and mobile OSes provide more toggleable privacy settings. The journalist thinks that the updated app and OS should let him use the app without leaking any more location data. Perhaps, but personally, I would never touch that app again; probably not even visit a Tim Hortons or other fast food company under the same parent.
Thoughts
Why does a coffee shop need all of this information? Long answer: they absolutely do not. Tim Hortons will defend their choices with arguments like these.
we want to know how our customers interact with our brands
to improve our services
it’s to allow us to serve tailored services
And other typical corporate sentences.
When I first heard news about the data tracking, I just laughed. I don’t use these mobile apps, so I’m not directly affected, but I do know close people who use it. The fact that this kind of privacy invasion is so common is sad. People don’t care, all 2000 Tim Hortons nearby me probably still have tons of people getting coffee every day. They don’t mind if their location information was quietly logged in the background without consent, all that matters is the $2 coffee in front of them.
And that’s my thoughts. The situation sucks. The company is terrible. People suck for being content with the situation. Tim Hortons should receive a massive fine and get their executives completely replaced. The only way a business would stay ’ethical’ is if their profits depended on it.
All I feel is some sadness and some frustration.
The lawsuit
We’re not done with this dumpster fire story, because the lawsuit part still remains. As stated in the beginning, Tim Hortons faced several class action lawsuits. Now, these typically end up with paltry compensation per individual. Not to mention the light fines a company faces when ‘settling a lawsuit’ instead of being found guilty. I remember when the GTX 970 class action lawsuit got people $30 per person, for a $300 video card.
I think the settlement of this case is by far the most paltry payment I’ve seen. It’s genuinely confusing how this was agreed upon.
Mockery of a settlement
Tim Hortons is willing to settle by offering a free coffee and donut to all affected customers. Tim Hortons also claims it does not admit guilt for its actions, and instead tries to blame users for not setting app privacy settings correctly.
Just imagine.
- You’ve been visiting the same coffee franchise for perhaps decades
- You started using their app as the company steadily adds incentivizes
- You learn that the company was collecting your location data for over a year
- They collected enough information to figure out your house, workplace, or even when you enter a McDonalds
- The company wants to provide you with a free drink and snack for compensation
The settlement is the bigger joke than the scandal itself. Here’s an article that covers some details of the compensation.
Tim Hortons considers the ‘retail value’ of the drink + snack is about $8.5. So first, each individual is essentially getting $8 of fast food credit. Second, assuming an app userbase of 4 million from the article above, that’s a net value of $34 million. Seems about in line with the typical settlements and fines companies pay for their scandals.
The most ironic part? That compensation is going to be accessible via the mobile app.
The absolute state of Tim Hortons
This whole event is a joke. A giant company records massive amounts of location data without consent from customers. They falsely market their privacy policies. They get caught tracking data and have to settle class action lawsuits. Each affected customer gets a coffee and a donut. The company is “pleased to meet the settlement”, while probably complaining its business expenses climbed by $30 million for the year.
It’s a somewhat doomer attitude, but while this is objectively unbelievably infuriating, I also don’t really feel much besides disappointment. The inept consumer and the corrupt company, both are to blame. Add in the migration to phones becoming ever more central to life for some more doomium. Tech trends suck.
The majority of people have some loyalty app for big franchises. Whether you have the McDonalds, Starbucks, or whatever other mobile app, you’re always at risk for the next big tech scandal. Keep the consequences in mind when you have these installed, you’re not going to stop tracking by just tapping a few buttons in settings. And these loyalty apps aren’t the only problem, of course. Phones themselves, social media, communications, payment, browsers, any mainstream OS, the list goes on.
I’m probably done with Tim Hortons for years, if not for good. Never liked them after the Burger King acquisition, never liked mobile apps and modern tech trends, and not a big coffee drinker anyways. For once, I can agree with the outrage on Reddit.