There are always many questions on my mind as I approach the Tim Hortons drive-through: Can I actually find the end of the line, or will I be circling the parking lot for all eternity in a particularly Canadian version of hell? Will they actually have sesame bagels this time? Will there only be disgusting flavours of Timbits left? (I’m looking at you and your doughy balls, Justin Bieber.)
I did not expect to discover that those Timbits were spying on me. Of course, as we discovered in this week’s privacy breach revelations, Tim Hortons did not need to plant an eyeball in a doughnut hole. All it had to do was ask us to sign up for its app and give our data away. What an equation: The company got invaluable troves of consumer information, and we got to save 30 seconds when ordering our Iced Capps.
If you missed the news, a coalition of Canadian privacy watchdogs slapped Tim Hortons on the wrist this week, after finding the company had spied on its customers by collecting a near-constant stream of location data and other information through its phone app. Their report found that while the company stopped “continually tracking” its users in 2020, “that decision did not eliminate the risk of surveillance.” They have asked the company to delete remaining location data.
“Tim Hortons clearly crossed the line by amassing a huge amount of highly sensitive information about its customers. Following people’s movements every few minutes of every day was clearly an inappropriate form of surveillance,” federal privacy commissioner Daniel Therrien said in a statement. “This case once again highlights the harms that can result from poorly designed technologies as well as the need for strong privacy laws to protect the rights of Canadians.”
The privacy investigation was launched in 2020, after James McLeod wrote a story in the Financial Post about how he was being tracked by his Tim Hortons app, even when he wasn’t using it, in the most unlikely places – at a baseball game, for example, and on a vacation abroad. It recorded every time he cheated on Timmies with a rival fast-food chain.
Why, you may wonder, does it matter what a company does with your data? Is it really so important? What if I delete the app and then I have to wait in line for two minutes for my chicken wrap? The answer is yes, it is extremely important. And if you have to wait two minutes in line, call your mother. Do a crossword puzzle. Pick lint off your shoulder. Do any of the things we did before we sold our souls to the demon in our pocket.
When it comes to data collection, it helps to visualize the trade-offs we make every day. Think of yourself not as an ordinary bag of flesh made up of good impulses and bad decisions, but as an ambulatory ruby mine. You are a rich lode, your treasures waiting to be plucked by corporations near and far. They want to know what shops you visited and what goods you bought, how much you paid for your house and your shoes, what are the dark thoughts you share only with your phone in the middle of the night. Then all these gems, yours and your neighbour’s, are added together to make a crown of incalculable worth. Except you don’t get any dividends from the mine.
It’s not only doughnut peddlers that want your valuable personal information. Apps that track people’s mental health and women’s fertility are also on the hunt. As Shoshana Zuboff, the author of The Age of Surveillance Capitalism, recently wrote: “An economic order founded on the secret massive-scale extraction of human data assumes the destruction of privacy as a nonnegotiable condition of its business operations.”
Consumers understand so little about what’s happening with our data. The Washington Post’s technology columnist decided to read all the privacy agreements on his phone and gave up when he realized they amounted to nearly a million words. Who wants to read a million words when you could just hit “yes” on the way to your frappuccino?
The result is a system of “lopsided information,” according to a new report from the Surveillance Studies Centre at Queen’s University – and in this relationship, the power skews one way. It’s not just corporations that collect data in opaque ways, but government bodies and police, too. The pandemic shifted our lives even more online, and placed our offices in our living rooms, but there was no concurrent shift to transparency. We use our phones as flashlights, but we’re still living in the dark.
The Queen’s report calls for a transformation in the way that our information is collected and used, a shift toward openness and equality that it calls “data justice.” There are any number of proposals floating around to make our personal data more secure, most of which involve regulating companies, and reprimanding or fining those that flout the rules. (Tim Hortons to the front of the line, please.)
But consumers have a role to play, too. We may not be willing to read a million words of privacy disclaimers, but surely we can put some effort into understanding the devil’s bargain we’re making when we unthinkingly hit “agree” on every app that pops up onscreen. What exactly are we willing to sell for a few minutes of convenience? It may be a lot more expensive than we think.
Keep your Opinions sharp and informed. Get the Opinion newsletter. Sign up today.