The Federal Trade Commission (“FTC”) is soliciting public comments on a petition filed by Sears Holdings Management (“Sears”) to reopen and modify a 2009 FTC order regarding the tracking of personal information on their software apps. The petition is notable for a number of reasons. First, the Sears consent order was a seminal order in the development of the FTC’s privacy jurisdiction, standing for the proposition that a company cannot “bury” disclosures that consumers would not expect in long privacy notices. Second, the concept of modifying 20-year consent orders is an important one in light of changes over time. Third, the petition seeks to correct the unintended consequences that a consent order can have on future technologies when such an order regulates present ones.
In the 2009 FTC order, Sears settled charges that it failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app. As part of that 20-year consent order, Sears agreed to make certain disclosures and obtain consent in connection with its downloadable software app and future ones that “monitor, record, or transmit information.” The petition argues that the 2009 FTC order should be modified to update its existing definition of “tracking application,” presently defined as:
any software program or application . . . that is capable of being installed on consumers’ computers and used . . . to monitor, record, or transmit information about activities occurring on computers on which it is installed, or about data that is stored on, created on, transmitted from or transmitted to the computers on which it is installed.
The petition seeks to modify this definition to exempt information about “(a) the configuration of the software program or application itself; (b) information regarding whether the program or application is functioning as represented; or (c) information regarding consumers’ use of the program or application itself.” Continue Reading