Avast to Pay $16.5M Fine for Selling Consumer Browsing Data

The Federal Trade Commission (FTC) is requiring Avast, a antivirus security provider, to pay a $16.5 million fine to settle charges that the company and its subsidiaries have been selling and licensing Web browsing data to third parties, after claiming that its products protect consumers from such online tracking.

The FTC said that Avast collected consumer browsing data and stored it indefinitely without notice or consent, as noted in the complaint. In addition, the FTC claimed that Avast deceived its users when it said that it would protect their privacy by preventing third-party tracking, only to sell identifiable browsing data to more than 100 third parties through Jumpshot, a subsidiary company.

The FTC claimed that Avast has been collecting consumer browsing data since 2014 using antivirus software installed on user devices. The browsing data reveals private information of the users such as religious beliefs, health concerns, financial status, political affiliations, and other sensitive information.

"Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite," said Samuel Levine, director of the FTC's Bureau of Consumer Protection. "Avast's bait-and-switch surveillance tactics compromised consumers' privacy and broke the law."

The money Avast has been ordered to pay will go to the affected consumers. Furthermore, in a proposed order that was approved 3-0 by the commission, the company will be prohibited from "misrepresenting how it uses the data it collects."

In addition to this, Avast must obtain affirmative expressed consent from users before selling their data, delete Web browsing information transferred to Jumpshot, notify consumers of their sold browsing data, and implement a privacy program to address misconduct underscored by the FTC.