Avast will be ordered to pay$ 16. 5 million by the U. S. Federal Trade Commission (FTC ) and prohibited from licensing or selling users ‘ web browsing data for commercial purposes.
According to the complaint, Avast violated the rights of millions of consumers by collecting, storing, and selling their browsing information without their knowledge or consent while deceiving them into believing that the tools they used would prevent online tracking.
Avast’s decision to explicitly market its products as protecting users ‘ browsing records and protecting data from tracking only to then sell those records is particularly infuriating, according to FTC Chair Lina M. Khan. This is in contrast to the frequent privacy lawsuits the organization files against businesses that misrepresent their data practices.
Furthermore, the amount of data Avast released is astounding; according to the complaint, Jumpshot accumulated “more than eight petabytes of browsing information dating back to 2014” by 2020.
More specifically, the FTC claims that since at least 2014, Avast Limited, a UK-based company, has been using antivirus software and browser extensions to collect customers ‘ web browsing data without their knowledge or consent.
Avast data feeds combined information on every website visited, timestamps, device and browser type, as well as the users ‘ city, state, and country, with unique identifiers for each web browser. The business falsely asserted that it would only transfer users ‘ personal information in an aggregate and anonymous form when outlining its data-sharing procedures.
Additionally, according to the FTC, Avast sold this information through their Jumpshot subsidiary to more than 100 third parties between 2014 and 2020.
For instance, according to the complaint, Jumpshot entered into a contract with the advertising firm Omnicom that gave it access to 50 % of its customer data from six nations: the US, the UK, Mexico, Australia, Canada, and Germany.
Users were also allegedly duped by Avast’s claim that it would safeguard their privacy by preventing third-party tracking. They were not, however, made aware of the sale of their thorough, re-identifiable browsing data.
In addition to being ordered to pay$ 16.5 million, Avast will be forbidden from selling or licensing any browsing information gathered from third parties for advertising purposes.
Before selling or licensing browsing data obtained from non-Avast products, the business will need the permission of every customer.
Additionally, the FTC will demand that Avast delete all web browsing information shared with Jumpshot as well as any algorithms or products created using that information.
Additionally, Avast will be required to inform users about the FTC’s actions against the business whose browsing information was unlawfully sold to third parties.
” Avast delivered on its promise to users that its products would safeguard their browsing data’s privacy. According to Samuel Levine, the director of the FTC’s Bureau of Consumer Protection, Avast violated the law by using bait-and-switch surveillance techniques, which also compromised consumers ‘ privacy.
According to an Avast spokesperson, the investigation into the data shared with the Jumpshot subsidiary, which was shut down in January 2020, has already been resolved by the company and the FTC.
According to an Avast spokesperson,” We are dedicated to our mission of defending and empowering people’s digital lives.”
We are happy to resolve this issue and look forward to continuing to serve our millions of customers around the world, even though we disagree with the FTC’s assertion and characterization of the facts.
Avast’s statement was added as of February 22 at 11:57EST.