The Federal Trade Commission (FTC) has taken action against cybersecurity provider Avast, requiring the company to pay a hefty $16.5 million fine to settle allegations of selling and licensing users’ web browsing data to third parties. This comes after Avast claimed that its products were designed to protect consumers from such tracking activities.
According to the FTC, Avast had been collecting and storing consumer browsing data without their knowledge or consent, as revealed in the complaint filed by the commission. This data, which included sensitive information such as religious beliefs, health concerns, financial status, and political affiliations, was then sold to over 100 third parties through Avast’s subsidiary company Jumpshot. This move was in direct contradiction to Avast’s promises to its users about safeguarding their privacy and preventing third-party tracking.
The FTC highlighted that Avast had been gathering browsing data through its antivirus software installed on users’ devices since 2014. This data collection was done under the guise of protecting users’ privacy, but in reality, it resulted in a breach of trust and a violation of consumer privacy rights. Samuel Levine, director of the FTC’s Bureau of Consumer Protection, condemned Avast’s actions as a “bait-and-switch surveillance tactics” that not only compromised consumers’ privacy but also violated the law.
As part of the settlement, the $16.5 million fine levied on Avast will be allocated to compensate affected consumers. Additionally, the FTC approved a proposed order by a 3-0 vote, which includes provisions to prevent Avast from misrepresenting its data usage practices in the future. Avast is now required to obtain explicit consent from users before selling their data, delete any browsing information shared with Jumpshot, notify consumers about the sale of their data, and implement a comprehensive privacy program to address the misconduct identified by the FTC.
This regulatory crackdown serves as a stark reminder to other companies in the cybersecurity and data privacy space about the importance of transparency, honesty, and ethical practices when it comes to handling users’ sensitive information. The FTC’s decisive action against Avast underscores the need for companies to prioritize consumer privacy and data protection above all else, and to ensure that their actions align with their stated commitments to safeguarding user information.
Moving forward, Avast will need to make significant changes to its data collection and handling practices to comply with the FTC’s requirements and to rebuild trust with its user base. The fallout from this case is likely to have far-reaching implications for the cybersecurity industry as a whole, prompting other companies to review their data practices and ensure that they are in line with regulatory standards and user expectations. It remains to be seen how Avast will navigate this challenging terrain and whether it can regain the trust of consumers who may have been impacted by its questionable data handling practices.