FTC Smacks Avast with $16.5M Fine, Ban on Selling Browsing Data

The Federal Trade Commission (FTC) on Thursday said it would ban software provider Avast from selling or licensing any web browsing data for advertising purposes and would require the company to pay $16.5 million.

The FTC says Avast, through its Czech subsidiary, collected consumers’ browsing information through the company’s browser extensions and antivirus software and sold the data without notice or consent. In a release, FTC charged that Avast also deceived users by claiming that its software would provide protection by blocking third-party tracking. Avast, FTC alleges, sold the data to more than 100 third parties through its subsidiary, Jumpshot.

“Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” Sam Levine, director for the FTC’s Bureau of Consumer Protection, said in a statement. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”

FTC said Avast has been collecting browsing information through browser extensions since at least 2014. The extensions can modify or extend the functionality of the consumers’ web browsers and through antivirus software installed on computers and mobile devices. When users searched for Avast’s browser extensions, the company said it would “block annoying tracking cookies that collect data on your browsing activities,” promising the software would “shield your privacy.”

The FTC’s proposed order, in addition to levying the $16.5 fine, will impose several provisions, including a prohibition on selling or licensing browsing data, requiring the company obtains affirmative express consent, forcing data and model deletion, directing the company to notify affected customers, and requiring Avast to implement a comprehensive privacy program.

In an email to InformationWeek, a spokesperson for Avast said, “Avast has reached a settlement with the FTC to resolve its investigation of Avast’s past provision of customer data to its Jumpshot subsidiary… We are committed to our mission of protecting and empowering people’s digital lives. While we disagree with the FTC’s allegation and characterization of the facts, we are pleased to resolve this matter…”