FTC fined Avast $16.5 million for selling user data

0
30

[ad_1]

The Federal Trade Commission (FTC) has slapped antivirus maker Avast with a fine of $16.5 million for selling customer data to third parties without their consent. The Commission has also banned the firm from selling user information for advertising purposes. The cybersecurity software company has already shut down its subsidiary, called Jumpshot, which harvested and sold user data.

Avast fined $16.5 million for selling user data to third parties

The news of Avast selling the browser history of its customers broke out in January 2020. The company harvested the data of its users through Jumpshot and sold it to advertisers. A public and media backlash ensued and the firm responded by promptly shutting down its subsidiary. While Avast claimed all data was “de-identified” before selling to third parties, reports suggest it could be linked back to people’s real identities in some instances.

Investigations revealed that the antivirus company harvested and sold user data from at least 2014 to 2020. Jumpshot reportedly collected data from as many as 100 million devices and sold it to more than 100 third parties operating as digital advertisers, marketing and data analytics companies, and data brokers. Information sold included users’ web searches, the web pages they visited, and every click on the website.

According to the FTC, Jumpshot signed contracts with advertising firms to provide an “All Clicks Feed” for Avast users. It permitted the firms to “associate Avast’s data with data brokers’ sources of data, on an individual user basis.” This enabled advertisers to track users more precisely by combining data from two sources. Effectively, they could show more tailored ads and other products to those users.

It was a massive breach of privacy and trust from a company entrusted to protect people online. “Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, in an official press release from the Commission. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”

Avast must delete user information transferred to Jumpshot

Along with a $16.5 million fine, the FTC has ordered Avast to delete the web browsing information transferred to Jumpshot. It also must delete any products or algorithms its now-defunct subsidiary derived from that data. Additionally, the firm is banned from selling or licensing any browsing data from its products to advertisers. It needs to obtain affirmative express consent from consumers before selling data from non-Avast products.

The FTC has also ordered Avast to inform consumers affected by its practice about the Comission’s actions. Last but not least, it has to implement a privacy program that addresses the misconduct highlighted by the FTC. In an official statement, Avast said it disagrees with the FTC’s “allegations and characterization of the facts.” However, it is “pleased to resolve this matter” and is committed to “protecting and empowering people’s digital lives.”

[ad_2]

Source link