AV (antivirus) companies typically do not sell your browsing data, as it goes against their commitment to user privacy and security.
Their business model relies on protecting user data from cyber threats rather than exploiting it.
But recently, the Federal Trade Commission (FTC) ordered Avast to pay $16.5 million for selling users’ browsing data.
Your browsing history can reveal personal details about everything from love to finances, politics to weight loss, job refusals to gambling.
FTC orders Avast to pay $16.5 million
The FTC fined Avast $16.5 million for selling users’ browsing data without their consent. Avast’s browser extensions and antivirus software collected and sold data, violating our privacy commitments.
Avast misled users by claiming to block tracking while selling detailed browsing data to over 100 third parties through its Jumpshot subsidiary.
Since 2014, Avast has collected browsing data, including sensitive information such as religion and financial status, through browser extensions and antivirus software.
Avast did not disclose this data collection, claiming it would reduce tracking. After acquiring Jumpshot, Avast sold consumer data to various clients until 2020.
The company falsely claimed to anonymize user data, but the FTC found that it did not adequately protect identifying information.
Contrary to the promise of aggregated and anonymous transfers, it sold detailed browsing data such as unique identifiers, timestamps, device details, and location information.
The company could not prevent data buyers from re-identifying users, even if the contract contained a prohibition.
Some Jumpshot products allowed clients to track specific users and correlate their browsing history with other information, as seen in the Omnicom deal.
Apart from the $16.5 million fine, Avast must refrain from misrepresenting data usage.
The proposed order includes various provisions, including:
- Prohibition of sale of browsing data
- Obtaining affirmative and explicit consent
- Delete data and models
- notify consumers
- Implementing a privacy program
The FTC issued a complaint and accepted the agreement by a vote of 3-0. A description of the agreement will soon be published in the Federal Register for 30 days of public comment.
Avast was deceived into improperly releasing detailed browsing data, violating Section 5 of the FTC Act. It is against the law to sell or share your browser history without explicit permission.
The FTC emphasizes increased privacy obligations for sensitive data, from location information to health information.
The Avast case joins a series of cases highlighting the need to protect sensitive information.
Block malware such as Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. Perimeter81 Malware Protection. All of these are extremely harmful and can cause havoc and damage your network.
Stay up to date with cybersecurity news, whitepapers, and infographics. Follow us on LinkedIn. twitter.
