Skip to main content

Your mother was right: the FTC confirms you don't get a second chance to make a first impression

Written by Cynthia and Michele

So you thought that if you made "full disclosure" in your online agreements with customers, you'd be OK -- well, it's time to think again.

The FTC recently confirmed in In re Sears Holdings Management Corp that even full disclosure of company practices in an end user license agreement (“EULA”) or terms of service (“TOS”) may be no defense to fraud claims. Nearly all online service providers require users to agree to terms of use. And, typically these terms of use are enforceable. However, the FTC’s recent order makes it clear that the adequacy of the disclosures in a EULA or TOS will be determined not by the completeness of the disclosure itself, but on a case-by-case basis in light of all of the other representations made to consumers. Thus, burying the use of marketing software with behavioral tracking capabilities, even though ultimately disclosed fully, in a multi-step sign-up and download process as Sears did will not necessarily shield a company from a fraud claim.

Requiring online service providers to obtain express consent before employing marketing software is nothing new. For example, in a consent order reached with a company called Zango, the FTC said that express consent is required before employing tracking software with pop-ups --- and tagged Zango for $3 million. In another case, In re DirectRevenue LLC, the FTC required express consent before installing what they called “lureware,” along with a fine of $1.5 million.

What is notable about Sears, however, is the shift in focus from the completeness of disclosure itself to its completeness in light of all other representations. While a EULA disclosure may be complete in itself, it is now clear that even a full and complete disclosure will correct other representations if the overall impression is misleading. In short, service providers will not get a second chance to make a good first impression.

Practical advice -- take another look at your EULA or TOS and make sure that it is not just complete, but it is accurate.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.