The Office of the Privacy Commissioner (OPC) says it will release the results of an investigation into whether Home Depot shared customer data with Facebook’s parent company on Thursday.
A statement from the office said the investigation focused on the sharing of e-receipt data with Meta Platforms, which owns Facebook and Instagram.
No other details were released about the investigation, including what sparked the OPC to step in and when the probe began. A spokesperson for the privacy watchdog declined a request for comment.
A Home Depot spokesperson opted to wait until after the report is released to answer questions about when the company was first notified about the investigation and how long it has been cooperating.
Read more:
Meta’s Facebook agrees to settle data privacy lawsuit
Read next:
A&W pokes fun at M&M’s after company ditches spokescandies
The investigation only focused on the Canadian arm of the North American big box renovation chain, which operates over 180 stores in Canada and another 130 in Mexico. Its 2,000 American stores make Home Depot the largest home improvement retail chain in the U.S.
Shoppers at Canadian stores are typically asked to provide their email addresses to receive a paperless receipt at checkout or they can opt for a paper copy.
E-receipts are then shared in emails that include a link to Home Depot Canada’s privacy statement, which states the company will share customer information with “our Canadian, U.S. and foreign affiliates and service providers who provide services on our behalf,” like delivery, payment and call service companies.
It also says information can be shared with “our business partners” in the event of a joint promotion. But the statement does not mention social media companies or advertisers.
The receipts themselves are similar to paper ones and contain the location of the purchase, the payment option used and the items that were purchased.
Home Depot has been victim to data breaches in the past — most notably in 2014, when hackers accessed information from 56 million debit and credit cards from the chain’s payments systems across all stores in the U.S. and Canada.
The chain also revealed that the months-long hack accessed 53 million email addresses.
The breach led to a national class action settlement that included a $250,000 settlement fund for Canadian customers who proved they had incurred losses.
Read more:
Canadians not keen on trading privacy for intelligence sharing: polling data
Read next:
Jeremy Renner was trying to save nephew when he was crushed by snowplow: report
The OPC and privacy watchdogs in Ontario, Alberta and Quebec were notified by the company at the time about the breach, and found Home Depot did not violate Canadian privacy laws.
Meta Platforms has been the subject of multiple controversies regarding the sharing of user data, particularly allowing third parties like Cambridge Analytica to access it.
Last August, the social media giant settled a four-year-old lawsuit in San Francisco federal court over its third-party data sharing practices for an undisclosed sum.
© 2023 Global News, a division of Corus Entertainment Inc.
