FTC Smacks Avast with $16.5M Fine, Ban on Selling Browsing Data

The US federal watchdog says the UK-based software provider sold consumers’ browsing data to third parties, despite promises to guard against online tracking.

Shane Snider, Senior Writer, InformationWeek

February 22, 2024

2 Min Read
The Avast logo is seen on an LED screen in the background while a silhouetted person uses a smartphone.
M4OS Photos via Alamy Stock

The Federal Trade Commission (FTC) on Thursday said it would ban software provider Avast from selling or licensing any web browsing data for advertising purposes and would require the company to pay $16.5 million.

The FTC says Avast, through its Czech subsidiary, collected consumers’ browsing information through the company’s browser extensions and antivirus software and sold the data without notice or consent. In a release, FTC charged that Avast also deceived users by claiming that its software would provide protection by blocking third-party tracking. Avast, FTC alleges, sold the data to more than 100 third parties through its subsidiary, Jumpshot.

“Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” Sam Levine, director for the FTC’s Bureau of Consumer Protection, said in a statement. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”

FTC said Avast has been collecting browsing information through browser extensions since at least 2014. The extensions can modify or extend the functionality of the consumers’ web browsers and through antivirus software installed on computers and mobile devices. When users searched for Avast’s browser extensions, the company said it would “block annoying tracking cookies that collect data on your browsing activities,” promising the software would “shield your privacy.”

The FTC’s proposed order, in addition to levying the $16.5 fine, will impose several provisions, including a prohibition on selling or licensing browsing data, requiring the company obtains affirmative express consent, forcing data and model deletion, directing the company to notify affected customers, and requiring Avast to implement a comprehensive privacy program.

In an email to InformationWeek, a spokesperson for Avast said, “Avast has reached a settlement with the FTC to resolve its investigation of Avast’s past provision of customer data to its Jumpshot subsidiary… We are committed to our mission of protecting and empowering people’s digital lives. While we disagree with the FTC’s allegation and characterization of the facts, we are pleased to resolve this matter…”

Read more about:

Regulation

About the Author

Shane Snider

Senior Writer, InformationWeek

Shane Snider is a veteran journalist with more than 20 years of industry experience. He started his career as a general assignment reporter and has covered government, business, education, technology and much more. He was a reporter for the Triangle Business Journal, Raleigh News and Observer and most recently a tech reporter for CRN. He was also a top wedding photographer for many years, traveling across the country and around the world. He lives in Raleigh with his wife and two children.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights