FTC bans Avast from selling user data to ad agencies — antivirus giant hit with major fine

Avast hit with $16.5 million fine for selling customer browsing data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The US Federal Trade Commission (FTC) has issued a $16.5 million penalty against cybersecurity giant Avast, and also imposed a ban on the company from selling users’ browsing data for advertising purposes.

The FTC accused Avast of violating the privacy rights of millions of consumers by collecting, storing and selling their browsing data without consent, misleading them about the protective capabilities of the company’s products.

Thecomplaintrevealed that Avast’s subsidiary, Jumpshot, had amassed over 8PB (or around 8,200TB) of browsing information dating back to at least 2014, involving unique identifiers, timestamps, device information and user location.

Avast fined for collecting users’ browsing data

Avast fined for collecting users’ browsing data

The Commission disclosed that Avast has harvested users’ browsing information using browser extensions and antivirus software since at least 2014, storing it indefinitely and selling it on to over 100 third parties through Jumpshot up until 2020.

The report reveals that Avast failed to inform users that their detailed, re-identifiable browsing data was being sold, despite promising protection against third-party tracking.

The company’s deceptive practices came to light in December 2019, when Mozilla removed four of the company’s own browser extensions due to privacy concerns. Mozilla’s decision ultimately spurred subsequent investigations, leading to the FTC’s intervention.

As well as the $16.5 million fine, Avast has also been prohibited from licensing or selling browsing data collected through its products for advertising purposes. The company is now required to obtain explicit permission before selling non-Avast product browsing data.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The FTC has also mandated the cybersecurity company to inform affected users about the sanctions.

An Avast spokesperson commented: “While we disagree with the FTC’s allegation and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”

More from TechRadar Pro

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Watch out, Nvidia - new benchmarks suggest Apple M4 Ultra could beat the mighty RTX 4090