Avast [1] [2] [3] [4] [5] [6] [7] [8] [9] [10], a UK-based cybersecurity firm [5], has been fined $16.5 million by the US Federal Trade Commission (FTC) for unlawfully collecting and selling customer web browsing data to over 100 third parties for advertising purposes.

Description

The FTC found that Avast deceived customers by claiming to protect their privacy while selling sensitive information [9], including URLs of webpages visited [5], search queries [5], and cookies [5], through its subsidiary Jumpshot [2] [3] [8] [10]. This data included personal information such as religious beliefs, health concerns [1] [2] [7] [8] [10], political leanings [1] [2], and financial situations [8]. Avast has been collecting browsing data since 2014 [10], with Jumpshot collecting and selling over 8PB of browsing information [4]. As part of the settlement [3] [9], Avast will be banned from selling or licensing user browsing data for advertising purposes and has voluntarily closed Jumpshot [9]. The company must pay affected consumers [10], obtain consent before selling data [3] [6] [10], delete transferred information [3] [10], notify consumers of sold data [10], and implement a privacy program to address misconduct [8] [10]. Avast has responded by stating that they disagree with the allegations but are pleased to resolve the matter [5]. The FTC has also issued a proposed order to prevent future violations. Additionally, Avast and its subsidiaries are prohibited from misrepresenting their data usage practices and must delete the transferred browsing information and implement a comprehensive privacy program [2].

Conclusion

The fine imposed on Avast and the measures required by the FTC highlight the importance of protecting consumer privacy and ensuring transparency in data collection practices. This case serves as a reminder to companies to uphold ethical standards and comply with regulations to avoid facing similar consequences in the future.

References

[1] https://www.techspot.com/news/101997-avast-fined-165-million-ftc-selling-user-browsing.html
[2] https://dig.watch/updates/avast-ordered-to-pay-16-5-million-for-illegally-selling-user-browsing-data
[3] https://www.helpnetsecurity.com/2024/02/23/ftc-avast-sold-browsing-data/
[4] https://www.techradar.com/pro/security/ftc-bans-avast-from-selling-user-data-to-ad-agencies-antivirus-giant-hit-with-major-fine
[5] https://www.infosecurity-magazine.com/news/avast-fine-selling-browser-data/
[6] https://www.dataguidance.com/news/usa-ftc-proposes-165m-fine-against-avast-sale-browsing
[7] https://techmonitor.ai/technology/cybersecurity/avast-fine-ftc-user-data
[8] https://www.subscriptioninsider.com/topics/regulation-and-compliance/avast-faces-16-5-million-fine-and-browsing-data-sale-ban-after-ftc-charges
[9] https://www.cbsnews.com/news/ftc-avast-browsing-data-privacy/
[10] https://www.darkreading.com/cyber-risk/ftc-orders-avast-to-pay-16-5m-for-selling-consumer-browsing-data