Popular Coffee Chain Allegedly Caught Covertly Spying On Its Customers

Coffee giant Tim Hortons was caught illegally surveilling its customers.

By Kristi Eckert | Published

tim hortons

For all the advantages that evolving technologies have afforded the public, there have been a great number of disadvantages to crop up, too. Namely, how companies use personal data to exploit their patrons and users. We’ve seen it in the ways social media harvests user information. And, since the widespread emergence of smartphones and app usage, many more companies are now getting caught redhanded hoarding customer data. For instance, Domino’s was recently caught using its app to siphon user data. Now, Gizmodo reported that Popular coffee chain, Tim Hortons was the latest to be discovered illegally surveilling its customers.

Tim Hortons, whose locations are largely in Canada and the upper quadrants of the US, was recently subject to an investigation by Canadian regulators. The investigation revealed some disturbing facts. Investigators found that in 2019 Tim Hortons changed its mobile app so that it could harvest a continuous stream of data from all of its users. Privacy Commissioner of Canada Daniel Therrien disclosed that the company was able to collect data from individuals as often as every few minutes. Calling that excessive is an understatement. What’s more disturbing yet, is that researchers could not identify a real purpose as to why the coffee giant needed to collect that much personal data from its consumers.

The investigation that exposed Tim Hortons was prompted after James Mcleod, a journalist, published an article in the Financial Times detailing his findings in regards to the Tim Hortons app tracking his movements. McLeod reported that he was able to identify 2,700 separate instances over five months in which the app was tracking his movements for no apparent reason. More alarming still is the fact that the Tim Hortons app was tracking his movements so closely, was that this was mostly done when McLeod was not using the app. McLeod’s horrifying findings are what galvanized the Canadian government to take action.

In response to the purported allegations, Tim Hortons is asserting that they in no way misused any of the data that they collected. “The very limited use of this data was on an aggregated, de-identified basis to study trends in our business—and the results did not contain personal information from any guests,” the company said in a statement. While it is true that aggregated data strips the information of anything personally identifiable, should that data fall into the wrong hands it could easily be reverse-engineered to reveal the once-masked information. Citing this potentiality supports the idea that no company should be given the okay to track its customers and/or harvest their personal information (aggregated or not) in any way.

Thankfully, after McLeod’s initial report surfaced, Tim Hortons took immediate action to make changes to its app. After the results of the investigation were revealed, the company made a point to mention that the Canadian regulators did not require them to make any changes to the current iteration of its app. Still, that in no way mutes the gravity of what the investigation into Tim Hortons and its app uncovered. Ultimately, British Columbia’s information and privacy commissioner, Michael McEvoy, emphasized that if nothing else this investigation serves as an example that it is not okay to exploit customers in the way Tim Hortons did. “This investigation sends a strong message to organizations that you can’t spy on your customers just because it fits in your marketing strategy,” asserted McEvoy. Whether or not companies will hear that message loud and clear, though, is still up for debate.