Avast sold privacy software, then sold users’ web browsing data, FTC alleges
After promising that its software would shield internet users from third-party tracking, Avast allegedly harvested and sold customers’ online browsing data, according to the Federal Trade Commission.
The maker of antivirus software deceived customers by claiming it would protect their privacy, while not making clear it would collect and sell their “detailed, re-identifiable browsing data,” the agency announced Thursday.
“Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a statement. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”
U.K.-based Avast, through a Czech subsidiary, from 2014 to January 2020 stored and sold customer data collected through browser extensions and antivirus software installed on computers and mobile devices, according to the FTC’s complaint.
That information, culled from users’ online searches and the websites they visited, included their religious beliefs, health concerns, political leanings, location and financial status, and was sold to more than 100 third parties through an Avast subsidiary called Jumpshot, according to the agency.
For example, Jumpshot contracted with Omnicom to provide the advertising conglomerate with an “All Clicks Feed” for 50% of its customers in the U.S., United Kingdom, Mexico, Australia, Canada and Germany, the FTC stated. According to the contract, Omnicom was permitted to associate Avast’s data with data brokers’ sources of data on an individual user basis, the agency noted.
The FTC said Avast would pay $16.5 million to compensate consumers. Under a proposed settlement with the agency, the company and its subsidiaries will also be banned from selling or licensing any user browsing data for advertising purposes. Avast is owned by Gen Digital, a publicly traded company with headquarters in Tempe, Arizona, and Prague in the Czech Republic.
Avast acknowledged the settlement with the FTC to resolve the agency investigation, noting it voluntarily closed Jumpshot in January of 2020.
“While we disagree with the FTC’s allegations and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world,” a spokesperson for Gen Digital stated.