Privacy-focused Avast fined $16.5 million for secretly selling user data
What's the story
The Federal Trade Commission (FTC) has slapped cybersecurity firm Avast with a hefty $16.5 million (nearly Rs. 1,368 crore) fine for secretly storing and selling customer data without permission.
Between 2014 and 2020, Avast allegedly used its antivirus software and browser extension to collect users' web browsing data, including sensitive information like religious beliefs, health concerns, and political views.
The company then sold this data to over 100 third parties, all without the customers' knowledge.
About the case
Deceptive data privacy practices
Avast claimed that its software would help users avoid being tracked online, but it was doing the tracking itself.
The FTC said that Avast didn't do enough to anonymize the data before selling it, leaving unique identifiers for each browser.
This meant that details like websites visited, timestamps, device and browser types, and locations were exposed.
The proposed FTC order would stop Avast from misrepresenting its data collection practices and ban it from selling user data for advertising purposes.
FTC order
Avast to delete all web browsing data
Avast must also cease selling or licensing browsing data from its products to advertisers and delete all web browsing data obtained by its data harvesting subsidiary, Jumpshot.
The company is even required to inform affected customers about the unauthorized sale of their data.
Avast spokesperson Jess Monney told the Verge, "While we disagree with the FTC's allegations and characterization of the facts, we are pleased to resolve this matter."