Avast, the cybersecurity software company, is slapped with a $16.5 million fine by the Federal Trade Commission (FTC) for unauthorized storage and sale of customer information. The company, known for its antivirus software, allegedly harvested user data from web browsers without their consent, violating privacy norms.
Deceptive Data Practices
The FTC’s complaint reveals that from 2014 to 2020, Avast collected user web browsing information through its antivirus software and browser extension. This data included sensitive details like religious beliefs, health concerns, political views, locations, and financial status. Without user knowledge, Avast stored this information indefinitely and sold it to over 100 third parties.
A joint investigation by Motherboard and PCMag in 2020 exposed Avast’s data privacy practices, leading to the shutdown of its data harvesting arm, Jumpshot. Avast claimed to remove identifying information before selling user data, but the FTC found that the company “failed to sufficiently anonymize consumers’ browsing information,” selling data with unique identifiers.
FTC’s Actions and Proposed Order
In addition to the $16.5 million fine, the FTC’s proposed order forbids Avast from misrepresenting its data handling practices. Avast is prohibited from selling or licensing any browsing data from its products to advertisers. The company is required to delete all web browsing data obtained by Jumpshot and notify affected customers about the unauthorized sale of their data.
Avast’s spokesperson, Jess Monney, expressed disagreement with the FTC’s allegations but stated the company’s commitment to resolving the matter and continuing to serve its customers worldwide.
The FTC has recently intensified its crackdown on companies with poor data privacy practices, emphasizing the need for transparent and ethical handling of user information.
Read more about the FTC’s actions against Avast.