FTC Seeks Public Comment on Sears Holdings Management Corporation Petition to Reopen and Modify Commission Order Concerning Online Browsing Tracking #14

Submission Number:
Pepe Silvia
Initiative Name:
FTC Seeks Public Comment on Sears Holdings Management Corporation Petition to Reopen and Modify Commission Order Concerning Online Browsing Tracking
To whom it may concern: In a recent FTC action, Sears Holding Management Corporation ("Sears") requested that the FTC reopen and modify a 2009 Commission Order settling charges that Sears inadequately disclosed the scope of consumer data collected through the company's software application. The initial FTC complaint alleged that Sears represented to consumers that its downloadable software application would track users' "online browsing," but in fact tracked nearly all of the users' Internet behavior. Sears petitioned the FTC to modify the Order's definition of "tracking system," which the company contends is overbroad and impracticable. The definition of "tracking application" (sic) as outlined in the FTC's Order, is reproduced below. Resultant obligations are also copied below, based on application of the statutory definition of "tracking application." As an average consumer and a privacy professional actively engaged in data privacy compliance work, I cannot see reasonable objection to either the definition of "tracking application," or the resultant obligations which flow from such definition. This definition and the resultant obligations are in keeping with international standards (e.g., GDPR, CASL), so an international organization like Sears is undoubtedly already held to this standard in other jurisdictions. In addition, it is imperative that businesses continue to maintain fair and clear relationships with their customers in the evolving digital economy. To obfuscate consumer rights or corporate responsibilities based on technical definitions is harmful to U.S. jurisprudence and international business standards. "Tracking Application" shall mean any software program or application disseminated by or on behalf of respondent ... that is capable of being installed on consumers' computers and used by or on behalf of respondent to monitor, record, or transmit information about activities occurring on computers on which it is installed, or about data that is stored on, created on, transmitted from, or transmitted to the computers on which it is installed. IT IS ORDERED that respondent, directly or through any corporation, subsidiary, division, or other device, in connection with the advertising, promotion, offering for sale, sale, or dissemination of any Tracking Application, in or affecting commerce, shall, prior to the consumer downloading or installing it: A. Clearly and prominently, and prior to the display of, and on a separate screen from, any final "end user license agreement," "privacy policy," "terms of use" page, or similar document, disclose: (1) all the types of data that the Tracking Application will monitor, record, or transmit, including but not limited to whether the data may include information from the consumer's interactions with a specific set of websites or from a broader range of Internet interaction, whether the data may include transactions or information exchanged between the consumer and third parties in secure sessions, interactions with shopping baskets, application forms, or online accounts, and whether the information may include personal financial or health information; (2) how the data may be used; and (3) whether the data may be used by a third party; and B. Obtain express consent from the consumer to the download or installation of the Tracking Application and the collection of data by having the consumer indicate assent to those processes by clicking on a button or link that is not pre-selected as the default option and that is clearly labeled or otherwise clearly represented to convey that it will initiate those processes, or by taking a substantially similar action.