Avast to Shell Out $16.5m in FTC Settlement Over Consumer Data Misuse

Federal Trade Commission

WASHINGTON, D.C. — In a monumental move, the Federal Trade Commission (FTC) is mandating software provider Avast to fork out $16.5 million in response to charges that the company sold consumers’ browsing data illegitimately to third parties. The settlement also decrees Avast and its subsidiaries to cease selling or licensing any web browsing data for advertising objectives.

Avast Limited, a U.K.-based company, through its Czech subsidiary, is accused of unfairly aggregating consumers’ browsing data via its browser extensions and antivirus software, retaining it indefinitely, and trading it without sufficient notice or consumer consent. The FTC further alleges that Avast misled users by asserting that its software would shield consumers’ privacy by obstructing third-party tracking, yet disclosed no intimation that it would commercialize their detailed, re-identifiable browsing data.

“Avast pledged users that its products would secure the privacy of their browsing data but delivered the opposite,” stated Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Avast’s bait-and-switch surveillance tactics violated consumers’ privacy and broke the law.”

Since at least 2014, Avast had been gathering consumers’ browsing data, which included information about users’ web searches and the websites they visited. This data disclosed consumers’ religious beliefs, health worries, political inclinations, location, financial status, and visits to child-directed content, among other sensitive details.

The complaint further alleges that Avast misled consumers by promising its products would reduce online tracking, creating a stark contrast to its actual operations. After Avast purchased Jumpshot, a competitor antivirus software provider, Jumpshot was transformed into an analytics company that sold browsing information Avast had collected without user consent.

READ:  FTC Releases FY 2024 Financial Report: Unbroken Audit Record and Consumer Protection Milestones

Contrary to claims, Avast failed to adequately anonymize the browsing data sold in non-aggregate forms. To exacerbate things further, Avast’s contracts with its data buyers were framed in a manner that allowed these buyers to re-identify Avast users based on the data provided. Some Jumpshot products were even designed to track specific users or associate their browsing histories with other client-owned information.

As part of the settlement in addition to the $16.5 million penalty, Avast is forbidden from misrepresenting its data use, selling browsing data, licensing data without consumer consent, and must delete all transferred browsing information. Moreover, the company must alert consumers whose browsing information was sold without consent about the FTC’s actions against the company and implement a comprehensive privacy program.

This punitive measure by the Federal Trade Commission (FTC) serves to highlight the critical importance of implementing robust cybersecurity measures and enhancing transparency in handling consumer data. In the rapidly evolving digital era, safeguarding consumer privacy has become significantly vital, and the stringent actions undertaken by the FTC underscore a firm stance against enterprises that neglect to prioritize it.

For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.