Avast Fined Millions for Selling User Browsing Data

Avast Hit with $16.5 Million Fine, Settles with FTC Over Deceptive Data Practices, Forced to Delete User Information

Avast, a popular antivirus software, has been fined $16.5 million for selling user browsing data despite claims of protecting privacy. The FTC accused them of misleading users and selling sensitive information without consent. Avast agreed to settle, stop selling data, and delete user information.

The US Federal Trade Commission (FTC) has imposed a $16.5 million fine on Avast Limited, Avast Software, and Jumpshot for deceiving users by claiming its software would eliminate web tracking but doing the tracking itself.

It is worth noting that, the Prague, Czech Republic-based anti-malware and cybersecurity vendor stored the data indefinitely and sold it without consumers’ consent or notice while promising users exemplary privacy protection.

This development reflects the continuation of the FTC’s crackdown on companies involved in deceptive data privacy practices. In January 2024, it reached a settlement with Outlogic to prevent selling information for tracking user locations and banned InMarket from selling precise user locations.

The FTC’s Director of Consumer Protection, Samuel Levine, criticized Avast’s bait-and-switch surveillance tactics for violating consumer privacy.

In its complaint, available here (PDF), the FTC revealed that cybersecurity software company Avast collected consumers’ browsing information through its browser extensions and antivirus software, including Avast Extensions, Avast Secure Browser, Avast Mobile Software, and Avast Desktop Software. The FTC accused Avast of selling its data to over 100 third parties via Jumpshot.

For your information, in 2013, Avast acquired competitor Jumpshot, rebranded as an analytics company, and sold browsing information collected from consumers from 2014 to 2020 through it. The FTC accused Jumpshot of offering products that enabled user tracking and associating browsing histories with third-party information.

Jumpshot entered a contract with Omnicom, offering an “All Clicks Feed” for 50% of customers in the US, UK, Mexico, Australia, Canada, and Germany, and earned millions in gross revenues. Avast’s dubious data privacy practices were exposed in 2020 in a joint investigation, leading to the shutdown of Jumpshot.

Reportedly, the company collected data on religious beliefs, health concerns, political views, locations, and financial status from 2014 to 2020. The FTC found Avast failed to adequately anonymize browsing information despite the company claiming otherwise.

FTC also discovered that Avast sold data with unique identifiers for each browser, which exposed crucial data like visited websites, timestamps, user location, and the type of device and browser.

Avast agreed to settle the case with the FTC, paying $16.5 million. The order also requires Avast to stop selling or licensing browsing data to advertisers, delete all data obtained by Jumpshot, and notify affected customers of the sale.

How Jumpshot functioned

Avast’s spokesperson, Jeff Monney, reaffirmed the company’s commitment to protecting and empowering users’ digital lives, citing disagreement on the allegations while opting for a settlement.

Data privacy violations can lead to significant financial consequences for companies like Avast, including fines, lawsuits, lost business, reputational damage, and negative press coverage. Regulatory bodies enforce data privacy laws and can sue companies, resulting in further financial losses and legal costs, as evident in Avast’s case.

  1. HelloFresh Fined £140,000 for 80 Million Spam Messages
  2. Unreleased Music Stolen and Sold on Dark Web: Hacker Fined
  3. Google Incognito Mode: New Disclaimer Reveals Data Tracking
  4. Meta Fined €265 million in Facebook Data Scraping Case in the EU
  5. Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data
  6. Apple and Samsung fined millions for slowing down old smartphones

Related Posts