Security News > 2024 > February > Avast ordered to pay $16.5 million for misuse of user data

The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.

From 2014 to 2020, Jumpshot sold browsing information that Avast had collected from consumers to a variety of clients including advertising, marketing and data analytics companies and data brokers, according to the complaint.

When Avast did describe its data sharing practices, Avast falsely claimed it would only transfer consumers' personal information in aggregate and anonymous form, according to the complaint.

The FTC says the company failed to prohibit some of its data buyers from re-identifying Avast users based on data that Jumpshot provided.

Even where Avast's contracts included such prohibitions, the contracts were worded in a way that enabled data buyers to associate non-personally identifiable information with Avast users' browsing information.

According to the contract, Omnicom was permitted to associate Avast's data with data brokers' sources of data, on an individual user basis.

News URL

https://www.helpnetsecurity.com/2024/02/23/ftc-avast-sold-browsing-data/