A pair of recent FTC orders demonstrate that despite aggressive action against businesses deemed to have made false or deceptive disclosures on privacy and cybersecurity matters, the Commission is also open to a more nuanced approach to disclosure and is willing to reconsider existing consent orders when circumstances change. This article analyzes (1) the recent settlement order with PayPal, whose Venmo unit misled users about the privacy of transactions and the availability of their funds and (2) the Order Reopening and Modifying a 2009 Order, which does away with a requirement that Sears make extensive disclosures on its mobile apps about how it tracks certain web browsing. See “Lessons and Trends From FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two)” (Jan. 31, 2018).