In 2020, over one million Canadians used Tim Hortons’ Mobile app for ordering their morning coffee. What they didn’t know was that the app was still collecting their location data after they turned it off. A June 2022 federal privacy commissioner’s report found the coffee chain had violated privacy laws, and the whole mess highlights the thorny issue of consumer-data collection.
Here, Sharon Bauer, founder of Bamboo Data Consultingand Oshoma Momoh, Chief Technical Advisor MARS Discovery DistrictDiscuss how consumer data can help businesses—and how it can be collected responsibly.
Sharon BauerThere is nothing wrong with collecting location data for marketing and discounts if you get permission to do so. But Tim Hortons gave the impression that its app only collects data while customers are using it. If a user knew the app would track them wherever they went, they might feel differently about whether the price exchange was worth it.
Oshoma Momo: Companies are realizing that they have to focus on privacy and ethical data collection. If a business collects data, it should improve customer experience over time. They can ask questions like, “Which products do my customers like best? Are there customer segments that are underserved or new customers that I can reach through targeted advertising?” There’s also data collection that personalizes the experience, such as how Amazon remembers that you purchased a certain product. We are seeing more applications of machine learning and artificial intelligence to optimize the consumer experience.
SB: Consumers are often willing to give up their data in exchange for something like a personal experience or a discount. Privacy can be a perk as opposed to something that hinders the bottom line. Companies can design their products and services with privacy in mind. Timed consent, where companies ask users for their information when needed, is a good example of this. User can decide in context.
OM: a right to privacy app 1 password, a password-manager app I’ve been using for years. It can check to see if any of the websites you use have been infringed. But it does this only when you allow it to do so. When it comes to long-term services, check-ins and reminders are essential. For example, I appreciate hearing Google Sometimes to find out what it’s doing with my Gmail data. But the experience is not correct. Very often, you get a pop-up asking for your permission to bypass the privacy policy- “For more information, visit this link.” If you’re not okay with five second prompts, you’re signing up for 15 minutes of legal reading.
SB: Companies should make their privacy policy more user-friendly, with videos, infographics or other creative methods showcasing their practices. August, a digital marketing company, has a great one—it’s engaging and easy to understand. It’s like a story, and you just want to keep scrolling down the page.
OM: If a company does a good job of data collection, it can achieve better customer engagement, generate more revenue and drive more repeat business. For example, if you’re signing up for a service with a geographic component, the experience is better because the app knows your location. Conversely, if a company doesn’t do those things well, it will get all the opposite.
SB: To seek meaningful consent, whether explicit or implicit, a company must be transparent about what they are collecting, how they intend to use it and whether they wish to disclose that data to any third parties . There will be many more aspects of this in the federal government’s upcoming privacy legislation, Bill C-27. Regulators would have more power, and a new tribunal would be able to impose heavier fines. If you have a good program that already complies with Europe’s general data and security regulations, I don’t think it’s going to be a significant change. But for companies that don’t have a privacy program in place, it’s going to be a heavy lift. They must demonstrate that they have both policies and a culture where their employees comply with them.
