Avast has agreed to collect $16.5 million after the FTC accused the antivirus vendor of selling customer information to third parties.
Submitted by U.S. regulators [PDF] Long-standing complaints against Avast regarding its use and alleged misuse of customer data. The security shop collects people’s information through browser extensions and antivirus software, stores it indefinitely, fails to properly anonymize it, and includes “advertising, marketing, and data analytics companies and data brokers.” It was sold to “more than 100 third parties.” The FTC argued.
“FTC privacy cases typically target companies that misrepresent their data practices, but they do “Avast’s decision to advertise in the United States is particularly upsetting,” FTC Chair Lina Khan said in a statement.statement [PDF] In the early hours of today.
Avast appears to have sold the data through Jumpshot, a subsidiary it acquired in 2014 and established as an analytics company. According to the FTC’s complaint, the company sold browsing information collected by its parent company from 2014 until Avast went out of business in 2020 after allegations of selling customer data surfaced.
“Browsing data” [sold by Jumpshot] This includes information about your web searches and the web pages you visit, including your religious beliefs, health concerns, political leanings, location, financial status, and access to children’s content. , and other sensitive information was disclosed,” the FTC alleged.
In addition to simply collecting and selling data, the FTC notes that Avast’s attempts to anonymize user information are minimal at best, making it easy for buyers to reassociate their data troves with individuals. He claimed that Data feeds from Jumpshot include unique identifiers that can be read to determine device type and location, and the agreements that purportedly protect user data require that data buyers was worded in such a way that non-identifying information could be associated with Avast users.” The guard dog revealed.
According to the FTC’s complaint, Jumpshot had amassed more than 8 petabytes of browsing data by the time it was shut down in 2020.
In addition to paying $16.5 million to the FTC, Avast is prohibited from selling browser data and must destroy all web browsing data transferred to Jumpshot and the algorithms derived from that data. Avast must also ensure explicit consent to data licenses from users, implement a privacy program, and notify all users whose data was sold by Jump Shot about the FTC’s decision.
However, Avast has not admitted guilt. This is a typical result for this kind of scenario.
“Avast has reached a settlement with the FTC to resolve an investigation into Avast’s past provision of customer data to its Jumpshot subsidiary, which Avast voluntarily closed in January 2020,” Avast said. register on Thursday.
“While we disagree with the FTC’s allegations and characterization of the facts, we are pleased to have resolved this matter and look forward to continuing to serve our millions of customers around the world. .”®