Consumers were outraged when a settlement first reported on WalletPop in June was reached between Sears Holdings over an accusation by the Federal Trade Commission that the owner of Sears and Kmart was spying on the web use and online shopping habits of its customers. They won't be a lot happier with the ending.
The feds just officially resolved the case after commissioners accepted the proposed settlement and the penalty for Sears' alleged overzealous, privacy invading behavior wasn't even a slap on the wrist. It was a gentle touch. The harshest part of whole situation was the FTC actually letting people know the situation even happened.
The penalty: if Sears offers such a software program again it should be more honest about the implications. Sears has to destroy all the data -- which was already done. And, Sears needs to help those who want to uninstall the software.
Ouch. That should discourage other companies from doing this sort of thing.
Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable.
To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites. Sears called the group that participated "small" and said the data captured by the program was at all times secure and was then destroyed.
The FTC filed a complaint against Sears, accusing the retailer of deceiving those who signed up for the service and downloaded the software.
"(Sears) failed to disclose adequately that the software application, when installed, would: monitor nearly all of the Internet behavior that occurs on consumers' computers, including information exchanged between consumers and websites other than those owned, operated, or affiliated with respondent, information provided in secure sessions when interacting with third-party websites, shopping carts, and online accounts, and headers of web-based email; track certain non-Internet related activities taking place on those computers; and transmit nearly all of the monitored information (excluding selected categories of filtered information) to respondent's remote computer servers," the FTC concluded.
Sears gets mere wrist slap for allegedly spying on customers