Cybersecurity company Avast is facing a $16.5 million fine from the Federal Trade Commission over allegations it sold user data without consent. The FTC filed a complaint on Wednesday accusing Avast of collecting and selling browsing data from consumers despite promising to protect their privacy.
Background on Avast and Merger History
Avast, founded in the late 1980s in then-Czechoslovakia, grew into a major antivirus software provider before going public and merging with other cybersecurity companies. It is now one of several brands owned by publicly-traded Gen Digital, headquartered in Tempe, Arizona and Prague.
FTC Allegations Against Avast
According to the FTC complaint, Avast claimed to block tracking cookies and prevent online tracking, only to then sell users' browsing data to third parties since at least 2014. Avast also allegedly told users it would only share anonymous, aggregated data, which was not true according to a statement by the FTC.
FTC Response and Avast Settlement
FTC chair Lina Khan stated that browsing history can reveal highly sensitive personal information and warrants heightened protection. The FTC alleges Avast's conduct was deceptive and an unfair practice.
Avast allegedly sold data to over 100 clients including consulting firms, advertisers and data brokers. Along with the fine, Avast is now barred by the FTC from selling or licensing user data for advertising purposes.
In response, Avast confirmed reaching a settlement related to its now-closed Jumpshot subsidiary but disagreed with the allegations, saying it looks forward to continuing to serve its millions of customers globally.
What Can We Learn From This?
One of the most important things to take away from this incident is that we need more control over our data. Large companies should be transparent about how they use it and must provide us with clear options for managing and protecting our personal information.
Without our consent, they should not be able to sell our data to third parties. While having complete control over our data may not be possible right now, what we can do is keep ourselves informed about the privacy policies of the services we use.