14 DAY TRIAL // Sears Holdings Management Corporation, owner of Sears and Kmart retail chains, has agreed to settle the charges brought on by the Federal Trade Commission for promoting a data collecting software program to customers, but failing to properly disclose the scope of the personal information being gathered.
According to the FTC complaint (PDF), the company paid consumers $10 in order to install "research" software that was said to track online browsing habbits. The campaign claimed to invite customers to "participate in exciting, engaging, and on-going interactions – always on your terms and always by your choice."
What Sears failed to clearly mention, however, was that this software from ComScore, which had been criticized before, also monitored online secure sessions and collected information such as "contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails."
Additionally, the application also monitored non-Internet-related computer activity, which was far from "browsing behavior." The scope of the personal information being gathered was specified at the end of the software's EULA, but clearly the FTC considered that this was not a big enough warning for this level of privacy invasion.
"The complaint charges that Sears’ failure to adequately disclose the scope of the tracking software’s data collection was deceptive and violates the FTC Act," the Commission notes. The proposed settlement requires Sears to delete all the data gathered using this application and to clearly specify what data will be collected if it plans to distribute similar software in the future.
"This disclosure must be made prior to installation and separate from any user license agreement. Sears must also disclose whether any of the data will be used by a third party," the FTC stresses. The agreement (PDF) with Sears is opened to public comment for 30 days, an operation that can be performed by following instructions (PDF) available on the FTC website.
Cases where companies engaged in unfair practices that involved tracking software or technologies have also been reported in the past. One such high-profile incident occurred during 2006 and 2007, when British Telecom tested a behavioral advertising technology called Phorm without informing its costumers.
As a result, the European Commission, the executive body of the European Union, has recently threatened to sue the UK government for failing to protect the privacy of its citizens, if it does not immediately make changes in the nation legislation in order to prevent similar abuses in the future.