Incident: Privacy Violation: Tim Hortons App Tracks Users' Movements Illegally

Published Date: 2022-06-04

Postmortem Analysis
Timeline 1. The continuous tracking by the Tim Hortons mobile app was uncovered by a reporter in June 2020; Tim Hortons says it halted the continual tracking later that year, after the government investigation began, and the regulators' findings were published in June 2022 [129060].
System 1. Tim Hortons mobile app's geolocation tracking system [129060]
Responsible Organization 1. Tim Hortons [129060]
Impacted Organization 1. Users of the Tim Hortons coffee chain's mobile app [129060]
Software Causes 1. Misleading app permissions: the Tim Hortons mobile app's permission prompt led users to believe that location information would be accessed only while the app was in use, but the app collected location in the background, every few minutes of every day, even when it was not open [129060]. 2. Inappropriate surveillance: the Office of the Privacy Commissioner of Canada found that this continuous tracking amounted to inappropriate surveillance and a breach of privacy law [129060].
Non-software Causes 1. Lack of transparency and misleading information provided to users by Tim Hortons regarding the extent of location tracking conducted by the mobile app [129060]. 2. Failure of Tim Hortons to effectively notify customers about the actual practices of location tracking, leading to inadequate consent from customers [129060].
Impacts 1. Users of the Tim Hortons mobile app had their movements tracked and recorded every few minutes of every day, even when the app wasn't open, in violation of privacy laws [129060]. 2. The app used location data to infer where users lived, worked, and whether they were traveling, generating events when users entered or left specific locations [129060]. 3. Tim Hortons collected vast amounts of location data for targeted advertising purposes, even though it had no legitimate need to do so [129060]. 4. The continual tracking of users' locations raised concerns about surveillance and privacy violations [129060]. 5. Tim Hortons' contract with a third-party location services supplier allowed for the potential sale of de-identified location data, posing a risk of re-identification [129060]. 6. The investigation uncovered that Tim Hortons did not effectively notify customers about its location tracking practices, leading to inadequate consent from users [129060].
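The home and workplace inference and the enter/leave events described above, as an added example that is not part of the incident report or of Tim Hortons' app: a constructed, pseudonymous trace sampled every five minutes (the coordinates, timestamps, sampling interval and clustering radius are all assumptions) is enough to recover a home, a workplace and weekday arrival and departure times, which is why removing the device identifier from such data does not make it de-identified in practice.

```python
from datetime import datetime, timedelta
import math

# Constructed sample places for one hypothetical device (coordinates are assumptions).
HOME = (45.4215, -75.6972)
WORK = (45.4235, -75.6900)


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    r = 6371000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def build_trace(days=7, interval_min=5):
    """Constructed week of pings, one every few minutes, as (timestamp, lat, lon).
    Nights at HOME, weekday 09:00-17:00 at WORK, otherwise moving between them.
    A small deterministic jitter stands in for GPS noise."""
    pings = []
    t = datetime(2020, 6, 1)          # a Monday; the date itself is an assumption
    end = t + timedelta(days=days)
    while t < end:
        if t.hour < 6 or t.hour >= 22:
            lat, lon = HOME
        elif t.weekday() < 5 and 9 <= t.hour < 17:
            lat, lon = WORK
        else:
            f = (t.minute % 10) / 10   # 0.0 at home, 0.5 halfway to work
            lat = HOME[0] + (WORK[0] - HOME[0]) * f
            lon = HOME[1] + (WORK[1] - HOME[1]) * f
        jitter = ((t.hour * 7 + t.minute) % 11 - 5) * 1e-5   # about +/- 5 m
        pings.append((t, lat + jitter, lon))
        t += timedelta(minutes=interval_min)
    return pings


def cluster(pings, radius_m=150):
    """Greedy clustering: a ping joins the first cluster whose seed ping lies
    within radius_m, otherwise it seeds a new cluster."""
    clusters = []
    for p in pings:
        for c in clusters:
            if haversine_m((c[0][1], c[0][2]), (p[1], p[2])) <= radius_m:
                c.append(p)
                break
        else:
            clusters.append([p])
    return clusters


def centroid(c):
    return (sum(p[1] for p in c) / len(c), sum(p[2] for p in c) / len(c))


def infer_home_work(pings):
    """Home = cluster holding the most night-time pings; work = cluster holding
    the most weekday-daytime pings. Returns ((lat, lon), (lat, lon))."""
    def is_night(t):
        return t.hour < 6 or t.hour >= 22

    def is_workhours(t):
        return t.weekday() < 5 and 9 <= t.hour < 17

    clusters = cluster(pings)
    home = max(clusters, key=lambda c: sum(is_night(p[0]) for p in c))
    work = max(clusters, key=lambda c: sum(is_workhours(p[0]) for p in c))
    return centroid(home), centroid(work)


def geofence_events(pings, center, radius_m=100):
    """Enter/exit events for a circular geofence, the kind of 'entered or left a
    location' event the report describes. Returns [(timestamp, 'enter'|'exit')]."""
    events, inside = [], False
    for t, lat, lon in pings:
        now_inside = haversine_m(center, (lat, lon)) <= radius_m
        if now_inside != inside:
            events.append((t, "enter" if now_inside else "exit"))
            inside = now_inside
    return events


if __name__ == "__main__":
    trace = build_trace()
    home, work = infer_home_work(trace)
    print("inferred home:", home, "(%.0f m from true home)" % haversine_m(home, HOME))
    print("inferred work:", work, "(%.0f m from true work)" % haversine_m(work, WORK))
    for t, kind in geofence_events(trace, WORK)[:4]:
        print(t, kind, "work")
```

Run as-is and both inferred points land within a few metres of the constructed home and workplace, and the geofence yields one enter at 09:00 and one exit at 17:00 on each weekday. A real trace is noisier, but the night-cluster and weekday-daytime-cluster heuristic is the standard approach, and a home coordinate plus a workplace coordinate is a quasi-identifier for most people, which is the re-identification risk the investigation flagged in the supplier contract.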
Preventions 1. Clear and accurate communication with users about what location data is collected, when, and for what purpose, together with consent that matches the actual practice, would have prevented the gap between what the permission prompt said and what the app did [129060]. 2. Privacy impact assessments carried out before launch and on each feature change would have surfaced the continuous background collection and the inference of home and workplace before they escalated into a regulatory finding [129060]. 3. Limiting collection to what is necessary and proportional to the stated purpose would have prevented the excessive tracking of users' movements [129060]. On both major mobile platforms, background ("always") location access is a separate permission from foreground ("while in use") access; requesting only the foreground permission would have enforced, at the platform level, the limit the app's own prompt described.
Fixes 1. Implement a privacy program that includes privacy impact assessments for the app and any other apps launched [129060]. 2. Implement a process to ensure information collection is necessary and proportional to the privacy impacts identified [129060]. 3. Ensure that privacy communications are consistent with, and adequately explain, app-related practices [129060]. 4. Delete any remaining location data and direct third-party service providers to do the same [129060]. 5. Report back to the government with details on compliance with privacy measures [129060].
References 1. Canada's Office of the Privacy Commissioner [Article 129060] 2. Provincial authorities in Quebec, British Columbia, and Alberta [Article 129060] 3. Tim Hortons [Article 129060] 4. Alberta Information and Privacy Commissioner Jill Clayton [Article 129060] 5. Reporter James McLeod [Article 129060]

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown (a) The software failure incident related to the inappropriate tracking of users' movements by the Tim Hortons mobile app has not been reported to have happened again within the same organization as per the provided articles [129060]. (b) The software failure incident related to the inappropriate tracking of users' movements by the Tim Hortons mobile app has not been reported to have happened again at other organizations or with their products and services as per the provided articles [129060].
Phase (Design/Operation) design, operation (a) Design: the app's geolocation functions were designed and implemented to collect location in the background, to infer home, workplace and travel, and to generate enter/leave events, while the permission prompt described only in-use access; these contributing factors were introduced during development [129060]. (b) Operation: Tim Hortons operated the app so that users were continuously tracked without their knowledge or valid consent, and kept collecting location data for purposes (targeted advertising) beyond what users were told, which is an operational failure in the handling of user data [129060].
Boundary (Internal/External) within_system (a) within_system: The software failure incident in the Tim Hortons mobile app was primarily due to factors originating from within the system. The app misled users by asking for permission to access geolocation functions but then continuously tracked users' movements even when the app was not in use, violating privacy laws. Tim Hortons continued to collect vast amounts of location data unnecessarily, leading to inappropriate surveillance of its customers [129060].
Nature (Human/Non-human) non-human_actions, human_actions (a) Non-human actions: the app itself recorded users' movements every few minutes of every day, even when not open, collecting vast amounts of location data for which there was no legitimate need, in violation of privacy law [129060]. (b) Human actions: Tim Hortons decided to implement this tracking, misled users about its extent, failed to notify customers of the actual practice, and continued to collect location data even after halting the continual tracking in 2020 [129060].
Dimension (Hardware/Software) software (a) Hardware: the incident was not attributed to any hardware failure; the device's geolocation hardware worked as intended and the problem lay in how the app used it [129060]. (b) Software: the failure was in the design and implementation of the Tim Hortons mobile app, which misled users about the extent of location tracking and continuously collected sensitive location data without valid consent or transparency [129060].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident in this case was non-malicious. The failure was related to the Tim Hortons mobile app tracking users' movements without their explicit consent or knowledge, in violation of privacy laws. The app misled users into believing that their location data would only be accessed when the app was in use, but in reality, it tracked users continuously, even when the app was not open. This behavior was deemed as inappropriate surveillance by the Canada Privacy Commissioner, and Tim Hortons was found to have crossed the line by amassing sensitive information about its customers [129060]. (b) The failure was not due to malicious intent to harm the system but rather a result of misleading practices and inadequate communication with customers regarding the app's data collection and tracking functionalities.
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions (a) The intent of the software failure incident: - The software failure incident related to the Tim Hortons mobile app tracking users' movements every few minutes of every day, even when the app wasn't open, was primarily due to poor decisions made by the company. - Tim Hortons misled users by asking for permission to access geolocation functions but failed to inform them that their location data would be continuously collected, leading to a violation of privacy laws [129060]. - The company continued to collect vast amounts of location data for targeted advertising purposes, even though there was no legitimate need to do so, which was deemed as inappropriate surveillance by the Canada Privacy Commissioner [129060]. - Tim Hortons' contract with a third-party location services supplier contained vague and permissive language that could have allowed the company to sell de-identified location data for its own purposes, posing a risk of re-identification of individuals [129060]. (b) The intent of the software failure incident: - The software failure incident could also be attributed to accidental decisions or unintended consequences, as Tim Hortons stated that they took immediate steps to improve communication with guests about data sharing and reviewed privacy practices with external experts after the issue was uncovered by a reporter [129060]. - The company claimed that the geolocation technology was proactively removed from the app and that the data collected was only used on an aggregated, de-identified basis to study business trends, not for personalized marketing [129060]. - Alberta Information and Privacy Commissioner Jill Clayton highlighted that Tim Hortons' customers did not have adequate information to consent to the actual location tracking that was occurring, indicating a lack of transparency and unintentional consequences of the tracking feature [129060].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in the Tim Hortons mobile app can be attributed to development incompetence as the app misled users about the extent of location tracking, leading to a violation of privacy laws. The app asked for permission to access geolocation functions but continued to track users' movements even when the app was not in use, collecting sensitive location data without users' explicit consent [129060]. (b) Additionally, the incident can also be categorized as accidental, as Tim Hortons claimed that the continual tracking of users' locations was halted in 2020 after the government began investigating. However, the contract with a third-party location services supplier contained vague and permissive language that could have allowed the company to sell de-identified location data, posing a risk of re-identification [129060].
Duration permanent (a) The software failure incident in this case was more of a permanent nature as Tim Hortons' mobile app continuously tracked users' movements every few minutes of every day, even when the app wasn't open, for an extended period. This continuous tracking was a result of the app's design and functionality, which violated privacy laws and collected vast amounts of location data unnecessarily [129060].
Behaviour omission, value, other (a) crash: the app did not crash or lose state; it kept running and kept tracking even when not open [129060]. (b) omission: users were told location would be accessed only while the app was in use, and the app omitted to disclose that it collected location continuously; this omission left users unknowingly tracked at all times, in violation of privacy law [129060]. (c) timing: the failure is not one of performing the intended function at the wrong time; the collection was continuous by design [129060]. (d) value: the app went beyond the function users consented to, collecting vast amounts of location data and inferring where users lived, worked and travelled, so the function it performed was not the one described to users [129060]. (e) byzantine: the app did not behave erratically or inconsistently; the problem was the inappropriate collection and use of data, not unstable behaviour [129060]. (f) other: the app's behaviour was misleading. Users were led to believe that their location would be accessed only while the app was in use, while in reality it tracked their movements continuously, breaching both privacy and the trust between users and the app provider [129060].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (a) unknown (b) unknown (c) unknown (d) property [129060]: the consequence was a privacy violation and inappropriate surveillance. Users' movements were tracked and recorded without their knowledge or valid consent, in breach of Canadian privacy law; the app collected vast amounts of location data and inferred users' home, workplace and travel patterns, harming users' privacy and their control over their personal data. (e) unknown (f) unknown (g) unknown (h) unknown (i) unknown
Domain information (a) The failed system in this incident was related to the information industry as it involved the Tim Hortons coffee chain's mobile app tracking users' movements and collecting location data [129060].
