Description

The US Federal Trade Commission (FTC) is taking action against cybersecurity firm Avast, seeking to prohibit the company from selling customer web browsing data to third-party advertisers. The FTC's complaint alleges that Avast unfairly collected consumer web browsing data through its browser extension and anti-virus software without adequate notice or consent, subsequently selling it to over 100 third parties via its subsidiary, Jumpshot. The FTC accuses Avast of deceiving users by promising privacy protection through its software while secretly selling detailed, re-identifiable browsing data. This data, collected since at least 2014, included sensitive information such as users' web searches, visited web pages, religious beliefs, health concerns, political leanings, and financial status. Despite Avast's claims of anonymization, the FTC contends that the company failed to adequately protect users' privacy, as the sold data included unique identifiers for each browser, precise timestamps, device and browser types, and geographic location details. Avast's acquisition of Jumpshot and subsequent rebranding as an analytics entity facilitated the sale of browsing information to advertising, marketing, and data analytics firms. The FTC seeks to impose a $16.5 million fine on Avast and prohibit the company from selling or licensing any web browsing data for advertising purposes. FTC Director Samuel Levine condemned Avast's practices, labeling them as "bait-and-switch surveillance tactics" that violated consumer privacy and legal standards. The FTC's enforcement action underscores the importance of transparent data collection and usage practices in the digital age.