Kevin Finnerty @timeimmemorial_

Me asking everyone how they like their burger before I cook them all exactly the same

May 30th 2022

30,741 Retweets357,138 Likes

Matthew Zeitlin @MattZeitlin

remember when dominos had that ad campaign that was like "our pizza was bad, we're sorry, now it's good," and now they have category leading delivery logistics and fine pizza? probably the only american institution that has gained trust recently

June 3rd 2022

2,750 Retweets57,107 Likes

“Mass invasion of Canadians’ privacy” was the searing conclusion of outgoing Privacy Commissioner of Canada Daniel Therrien following an investigation into the Tim Hortons mobile app.

OPC @PrivacyPrivee

Remarks by Privacy Commissioner of Canada regarding investigation of Tim Hortons. priv.gc.ca/en/opc-news/sp…

June 1st 2022

25 Retweets42 Likes

The outcome of the investigation is emblematic of the state’s inability to adequately protect consumers in a digital economy. Tim Hortons will pay no fines for violating the law, because the four privacy commissioners involved in the joint investigation do not have that power. 

The Globe and Mail @globeandmail

Tim Hortons is facing allegations that it violated Canada’s privacy laws by tracking customers via its app. Tim Hortons faces scrutiny over app’s tracking of customersA new report could reveal findings about whether the Tims app violated Canadian privacy lawstgam.ca

May 30th 2022

222 Retweets331 Likes

While the firm has agreed to implement the recommendations of four privacy authorities in this case, if the company had simply chosen to ignore the report, the commissioners would have been powerless to do much about it.

“It is untenable that organisations like Facebook are allowed to reject my office’s findings as mere opinions,” Therrien said back in December of 2019.

Therrien was calling for legislative reform in 2019, and as he ends his term as privacy commissioner this month with the Tim Hortons investigation, he was once again called on the federal government to pass stronger privacy laws.

OPC @PrivacyPrivee

The Tim Hortons app used location data to infer where users lived, worked, and whether they were travelling. It generated an “event” every time users entered and left their homes, entered and exited their office, or travelled. priv.gc.ca/en/opc-actions…

June 1st 2022

197 Retweets311 Likes

Decision-makers seem to be delaying the empowerment of regulators to do their jobs more effectively; which means vigorously enforcing the laws that we have and occasionally advising on new ones when appropriate. As it stands they are unable to do either; the advice is ignored and the enforcement is not happening.

Politically, Canada continues to privilege corporate interests that are averse to scrutiny or imposition of any sort when it comes to what they can do with the data they create. While these firms often caution that new privacy laws may chill investment or kill innovation, the fact that a coffee and donuts chain is getting in on the action shows that this is no longer the sole domain of a few bleeding-edge tech companies.

The Privacy Commissioner’s investigation concluded two years after exclusive reporting by James McLeod, who was then at the Financial Post. The 24-month lag leaves much to be desired, but findings are more than just an expensive and time consuming bureaucratic fact check. They are satisfying in that they reinforce that our governance institutions can investigate a data-driven firm.

Moreover, the privacy commissioners went beyond simply concluding that Tim Hortons acted illegally because they misled consumers to obtain geolocation consent. In establishing the central feature of proportionality — whether the collection of data was proportional to the benefits the firm received — the investigation underscored that even if the mobile app had been clear about the level of tracking, it STILL would have violated Canada’s privacy guidelines because the volume and frequency of information they were collecting was far greater than what they needed. 

This principle could represent an important step toward a more healthy and trustworthy data governance environment in Canada, but only if our watchdogs have appropriate teeth to impose penalties on violating companies, and the power to proactively sniff out potential violators.

The issues at play here, both the data collection concerns and the limited enforcement powers being brought to bear, have broader implications. Privacy is one concern; healthy and competitive markets are another.

Luis Alberto Montezuma @montezumachavez

If you believe in synergies between privacy and competition law, then this @PrivacyPrivee's decision is for you: priv.gc.ca/en/opc-actions… We found that Tim Hortons released updated versions of its App so that it could identify when the User was visiting a Tim Hortons competitor.PIPEDA Findings #2022-001: Joint investigation into location tracking by the Tim Hortons App - Office of the Privacy Commissioner of Canadapriv.gc.ca

June 4th 2022

1 Retweet1 Like

Companies use data to compete in digital markets, and as reported in The Logic, data allows companies to turbocharge existing anti-competitive tactics and enables new ones. Recently passed amendments to the Competition Act include non-price effects on competition that include consumer privacy to the type of anticompetitive effects that can be considered. Previously, the Competition Commissioner has teamed up with the Privacy Commissioner just once, to investigate misleading privacy claims. The resulting fine was a fraction of the penalties levied elsewhere after similar investigations.

GC Newsroom @NewsroomGC

Facebook to pay $9 million penalty to settle Competition Bureau concerns about misleading privacy claims Facebook to pay $9 million penalty to settle Competition Bureau concerns about misleading privacy claims - Canada.caFacebook Inc. will pay a $9 million penalty after the Competition Bureau concluded that the company made false or misleading claims about the privacy of Canadians’ personal information on Facebook and Messenger. Facebook will also pay an additional $500,000 for the costs of the Bureau’s investigatio…ow.ly

May 19th 2020

36 Retweets26 Likes

In the Competition Bureau, we see similar limitations. Without the power to compel market studies the Bureau would be unable to conduct a similar investigation into potentially anti-competitive dynamics in the data-driven economy.

A crucial component to this investigation into corporate surveillance was the ability to access the data that the app collected. In breaking the original story, McLeod was able to obtain the information through a request under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Moreover, if Tim Hortons ever faces any meaningful financial penalty, it will come in the form of class action lawsuits rather than state action. As it stands, the onus to evaluate and report irresponsible data collection behaviours continues to rest on individuals and the authorities we have are limited in their ability to resolve transgressions. 

The iPhone App Store first launched in 2008, and Apple added GPS to the device in the same year; the entire mobile geolocation ecosystem had only existed for 12 years when McLeod broke the Tim Hortons story. Two years for a formal investigation is too long in the context of the modern digital environment. Our collective impatience for broader policy reform is underpinned by time-intensive investigations that test the electorate’s attention and stretch regulator endurance under fragile political tenures. 

It is time to build a regulatory environment that can respond appropriately to market realities and adequately protect Canadians without the fear of feigned implications for economic growth. 

Leave a comment