Avast ordered to pay $16.5 million for illegally selling user browsing data

The US Federal Trade Commission (FTC) has ordered a software company Avast, to pay $16.5 million and cease selling or licensing web browsing data for advertising purposes. The charges against Avast include allegations that the company collected and sold users’ browsing information without their consent, despite promising to protect their privacy.

Czech company based in the UK, collected the US consumers’ browsing information using browser extensions and antivirus software, according to the FTC complaint. The collected data included details about users’ web searches, visited webpages, religious beliefs, health concerns, political leanings, location, financial status, and visits to child-directed content. This information was stored indefinitely and sold to third parties without adequate notice or consent.

The FTC also argues that Avast deceived users by falsely claiming that its software would safeguard their privacy and block third-party tracking. Company failed to sufficiently inform consumers that it would sell their detailed, re-identifiable browsing data. The data was sold to over 100 third parties through Avast’s subsidiary, Jumpshot.

In addition to fine, Avast and its subsidiaries will be prohibited from misrepresenting their data usage practices. Under the proposed order, Avast is required to delete the browsing information transferred to Jumpshot and any products or algorithms derived from that data.

The company must also notify consumers whose browsing information was sold without consent about the FTC’s actions. Furthermore, they will be required to implement a comprehensive privacy program to address the misconduct highlighted by the FTC.