The FTC found that Avast collected reams of personal data through its antivirus product, then sold it to more than 100 third parties without disclosing its practices.

Dark Reading Staff, Dark Reading

February 23, 2024

1 Min Read
FTC seal
Source: GK Images via Alamy Stock Photo

The Federal Trade Commission (FTC) is requiring Avast, a antivirus security provider, to pay a $16.5 million fine to settle charges that the company and its subsidiaries have been selling and licensing Web browsing data to third parties, after claiming that its products protect consumers from such online tracking.

The FTC said that Avast collected consumer browsing data and stored it indefinitely without notice or consent, as noted in the complaint. In addition, the FTC claimed that Avast deceived its users when it said that it would protect their privacy by preventing third-party tracking, only to sell identifiable browsing data to more than 100 third parties through Jumpshot, a subsidiary company.

The FTC claimed that Avast has been collecting consumer browsing data since 2014 using antivirus software installed on user devices. The browsing data reveals private information of the users such as religious beliefs, health concerns, financial status, political affiliations, and other sensitive information.

"Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite," said Samuel Levine, director of the FTC's Bureau of Consumer Protection. "Avast's bait-and-switch surveillance tactics compromised consumers' privacy and broke the law."

The money Avast has been ordered to pay will go to the affected consumers. Furthermore, in a proposed order that was approved 3-0 by the commission, the company will be prohibited from "misrepresenting how it uses the data it collects."

In addition to this, Avast must obtain affirmative expressed consent from users before selling their data, delete Web browsing information transferred to Jumpshot, notify consumers of their sold browsing data, and implement a privacy program to address misconduct underscored by the FTC.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights