FTC v. Sears: Is Placing Material Internet Contract Terms in a Scrollbox Now Taboo?
Digital media law: The FTC's recent complaint against Sears Holding Management Corporation targeted an Internet contracting practice that has heretofore been widely approved of by U.S. courts -- placing key disclosures or terms for an online "clickwrap" agreement in a scrollbox. The courts have often overlooked the fact that placing contract terms in scrollboxes may mean that a consumer never actually reads them, because to do so often requires the consumer to click through multiple tiny scrollbox screens. Instead, many courts have held that a consumer who clicks her acceptance to such terms should beheld to her word. In its case against Sears Holding, which was resolved via consent decree on August 31, 2009, the FTC has now stated that in certain circumstances such "hidden" disclosures will not be enough.
The case is In re Sears Holding Management Corp., FTC Docket No. C-4264. Sears Holding handles marketing operations for the Sears Roebuck and Kmart retail stores, and operates the sears.com and kmart.com online retailing sites. In 2007-2008, Sears Holding created and tried to get customers to voluntarily agree to participate in an online market research program. According to the FTC complaint, the program would run in the background on users' computers and transmit information on virtually all of the users' Internet use to Sears Holding. This included information on web browsing, filling shopping baskets, transacting business during secure sessions, completing online application forms, checking online accounts, and use of web-based email and instant messaging services.
Sears Holding marketed this research program via a popup box that it delivered to 15% of visitors to the sears.com and kmart.com websites. The popup box marked the research program as a method for customers to "talk directly" to a retailer, and to "tell them about the products, services and offers that would really be right for you . . ." The popup box invited viewers to enter their email address to receive a follow-up email with more information.
The follow-up email introduced recipients to the "MY SHC Community," which was billed as "a dynamic and highly interactive online community. It's a place where your voice is heard and your opinion matters . . . " To become a member of MY SHC Community, the email directed recipients to complete a registration process. It explained, "You'll be asked to take a few minutes to download software . . . This research software will confidentially track your online browsing . . ." The email apparently contained no further details on the extent of the information that Sears Holding could obtain from the tracking software. The email also offered visitors a $10 payment for joining the "online community."
The email contained a "Join Now" button. If recipients clicked the button, they were directed to an Internet landing page which further directed them to a registration page. To complete registration, recipients were asked to enter basic biographical information. Below the fields for entering this data, the site presented a scroll box which contained a "Privacy Statement and User License Agreement." While the scroll box contained apparently well over 100 lines of text, it only displayed 10 lines at a time.
Beginning on the 75th line of the scrollbox was information explaining the full extent of the information that MY SCH Community would be able to obtain from participants' computers. The disclosures made in the scroll box appear to have been fairly complete. They revealed that the tracking software would provide the speed, memory capability and Internet connection speed of participants' computers, as well as information on related routers and peripherals. They stated that the software "monitors all of the Internet behavior that occurs on the computers on which you install the application, including both your normal web browsing and that activity you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts, which may include personal financial or health information . . ."
Below the scrollbox was a link that users could click to get a printable version of these terms. Below this was a checkbox next to a statement confirming that the user have read, agreed to, and obtained the agreement from all other computer users to these terms. Users were required to check this box to complete the registration process.
Sears Holding probably thought it had done everything right. Its initial "come on" to MY SHC Community may not have disclosed all the details about the function of its tracking software, but these details were eventually provided in full. And, consumers were required to certify that they had read and assented these details before being permitted to participate in the MY SHC Community. Moreover, courts regularly enforce click-through or clickwrap agreements that are presented in a form substantially identical to that used by Sears Holdings here -- with detailed terms and conditions contained in a scrollbox to which a user is required to assent by clicking a box stating that she has read and accepted their terms. See, e.g, Feldman v. Google, Inc., 513 F.Supp.2d 229, 235-38 (E.D.Pa. 2007); Forrest v. Verizon Communications, Inc., 805, A.2d 1007, 1010-11 (D.C. 2002); Barnett v. NSI, 38 S.W.3d 200 (Tex. Ct. App. 2001); Caspi v. Microsoft Network, LLC, 323 N.J. Super. 118 (1999).
The FTC obviously didn't agree. In its complaint, the FTC stated that the sum of Sears Holdings disclosures meant that Sears Holding had "represented, expressly or by implication, that the Application [MY SHC Community software] would track consumers' 'online browsing.'" According to the FTC, Sears Holding failed to adequately disclose that its software would "monitor nearly all of the Internet behavior that occurs on consumers' computers, including information exchanged between consumers and websites other than those owned, operated, or affiliated with [Sears Holding], information provided in secure sessions when interacting with third-party websites, shopping carts, and online accounts . . . "
The FTC really had several problems with Sears Holdings' disclosures. First, the FTC regarding the scrollbox disclosures as complete ineffective and effectively amounted to no disclosure at all. Second, the FTC believed that even if these scrollbox disclosures had been read by a few consumers, they weren't explicit enough -- especially in explaining that the MY SHC Community software would be gathering information about participants' non-Sears related Internet activities. Third, the statements made elsewhere in the marketing materials for the program also didn't help, because they gave the false overall impression that MY SHC Community was about sharing information about shopping preferences with Sears and Kmart, not giving Sears Holding a window into participant's overall Internet use.
To remedy these problems, the Consent Order required that for any future offers of any tracking software, Sears Holding would be required disclose "all the types of data that the tracking software would monitor, record, or transmit." These disclosures must state, inter alia whether this data will include information from the consumer's interactions with a specific group of website, or the Internet as a whole, whether it would include information from secure sessions with third party websites, and whether it would include personal financial and health information.
Moreover, these disclosures must be made "clearly and prominently." This means that they must be made "prior to the display of, and on a separate screen" from any end user license agreement, privacy policy or terms of use. They must be made using a typeface and in a location "sufficiently noticeable for an ordinary consumer to read and comprehend them." If made over the Internet, they must be "unavoidable" -- in other words, not hidden on the 75th line of scrollbox.
The most significant element of the consent order is the requirement that terms in an Internet agreement be unavoidable. For terms to be unavoidable, they can't be contained in a typical scrollbox that a user can decide to read as her option. They probably also can't be accessed via a hyperlink (another practice sometimes approved by the courts), unless the user is forced to access the hyperlinked material.
There is no question that the FTC's position is substantially stricter on disclosure than that considered acceptable by many courts. Indeed, in response to a letter regarding a draft of the Consent order, the FTC acknowledged that "courts have frequently enforced clickwrap agreements as valid contracts." However, it countered that there are cases where disclosures in out-of-the way locations such as end user license agreements "may not be sufficient to correct a misleading impression created elsewhere." See also FTC v. Cyberspace.com, LLC, 453 F.3d 1196, 1200 (9th Cir. 2006) (fine print contractual notices are insufficient to undo deceptive net impression).
If your business model includes Internet contracting, it might be time to take a (yet another) fresh look at the overall impression given by your site. If your site puts critical disclosures or terms only in hard-to-access places, these hidden disclosures may not be enough for the contract to survive a contractual or regulatory challenge.
David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.
