The Federal Trade Commission (FTC) has ordered British firm Avast to pay $16.5 million and banned the company from selling, disclosing, or licensing web browsing data for advertising purposes, the agency announced on June 27.
As part of the order, the cybersecurity software provider and its subsidiaries must delete web browsing information transferred to its Czech subsidiary and any products or algorithms derived from that data.
It must also obtain consent from consumers before selling or licensing browsing data from non-Avast products to third parties for advertising, and tell them if their browsing information was sold to third parties without their consent. The company also has to implement a “comprehensive privacy program” to address its misconduct as alleged by the FTC.
The ban stems from a complaint filed by the FTC in February alleging the UK-based Avast Limited, via Czech subsidiary Jumpshot, unfairly collected and sold consumers’ browsing information to more than 100 third parties, despite promising that its products would protect consumers from online tracking.
The FTC further claimed that the firm deceived customers by claiming the software would protect their privacy by blocking third-party tracking only to then allegedly sell their detailed, re-identifiable browsing data.
“Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection in a statement when the lawsuit was announced. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”
Avast announced in January 2020 that Jumpshot would cease operating.
“The bottom line is that any practices that jeopardize user trust are unacceptable to Avast,” said Avast CEO Ondrej Vlcek. “We are vigilant about our users’ privacy, and we took quick action to begin winding down Jumpshot’s operations after it became evident that some users questioned the alignment of data provision to Jumpshot with our mission and principles that define us as a Company.”
In an email statement to The Epoch Times, an Avast spokesperson said the company reached a settlement with the FTC in February 2024 to resolve its investigation of the company’s past provision of customer data to its Jumpshot subsidiary, which Avast voluntarily closed in January 2020.
“This latest notice from the FTC is finalizing that settlement,” the spokesperson said. “We are pleased to resolve this matter and remain committed to our mission of protecting and empowering people’s digital lives.”
