Avast Fined for Selling Browsing Data
The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.
In its complaint, the FTC says that Avast Limited, based in the United Kingdom, through its Czech subsidiary, unfairly collected consumers’ browsing information through the company’s browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and without consumer consent. The FTC also charges that Avast deceived users by claiming that the software would protect consumers’ privacy by blocking third party tracking, but failed to adequately inform consumers that it would sell their detailed, re-identifiable browsing data. The FTC alleged Avast sold that data to more than 100 third parties through its subsidiary, Jumpshot.
A joint investigation from Motherboard and PCMag first brought attention to Avast’s data privacy practices in 2020. Avast shut down its data harvesting arm, called Jumpshot, shortly after the reports emerged. Although Avast said it removed identifying information before selling user data, the FTC found it “failed to sufficiently anonymize consumers’ browsing information.” Instead, it sold data with unique identifiers for each browser, revealing websites visited, timestamps, the type of device and browser used, and location.
[…]
The FTC has been cracking down on poor data privacy practices in recent weeks. In January, the FTC reached a settlement with Outlogic (formerly X-Mode Social) that prevents the data broker from selling information that can be used to track users’ locations. It banned InMarket from selling precise user locations as well.
Previously:
- Vice and Engadget “Content”
- NSA Buying Logs From Data Brokers
- Avast Antivirus Software Sold Browsing History
- Avast Antivirus False Positives for Apps That Use Swift
Update (2024-02-28): Nick Heer:
What people with Big Business Brains often like to argue about the unethical but wildly successful ad tech industry is that it is not as bad as it looks because your individual data does not have any real use or value. Ad tech vendors would not bother retaining such granular details because it is beneficial, they say, only in a more aggregated and generalized form.
The problem with this argument is that it keeps getting blown up by their demonstrable behaviour.
[…]
Avast paid a $16.5 million penalty and said it would not use any of the data it collected “for advertising purposes”. The caveat makes this settlement feel a little incomplete to me.