Security News > 2024 > February > Avast shells out $17M to shoo away claims it peddled people's personal data

The US regulator filed [PDF] a lengthy complaint against Avast regarding its use and alleged misuse of customer data.

According to the FTC's allegations it sold browsing information collected by its parent from 2014 until Avast grounded the biz in 2020 when allegations of customer data sales emerged.

Data feeds from Jumpshot included unique identifiers that could be teased out to determine device type and location, and contracts that were supposed to protect user data "Were worded in a way that enabled data buyers to associate non-personally identifiable information with Avast users," the watchdog revealed.

In addition to paying $16.5 million to the FTC, Avast has been prohibited from selling browser data and must destroy all web browsing data transferred to Jumpshot as well as any algorithms derived from said data.

Avast will also have to ensure it secures express consent for data licensing from users, implement a privacy program, and inform all users whose data was sold by Jumpshot about the FTC's decision.

"Avast has reached a settlement with the FTC to resolve its investigation of Avast's past provision of customer data to its Jumpshot subsidiary that Avast voluntarily closed in January of 2020," Avast told The Register on Thursday.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/23/avast_ftc_settlement/