Avast, a global leader in digital security and privacy that protects hundreds of millions of users from online threats through its subscription services, has been mandated by the Federal Trade Commission (FTC) to pay $16.5 million and is now prohibited from selling or licensing web browsing data for advertising purposes. This comes after charges that Avast and its subsidiaries were involved in selling consumer browsing data to third parties, contradicting their promises of safeguarding users’ online tracking privacy.

The complaint by the FTC highlights that Avast, through its browser extensions and antivirus software, unjustly collected consumers’ browsing data, which was then sold without clear notification or consumer consent. Despite claims that their products would shield users’ online privacy, Avast failed to inform them that it would sell their detailed browsing history, thus breaching consumer trust and privacy.

The browsing data in question exposed sensitive information such as users’ religious beliefs, health concerns, political views, and financial situations. The FTC alleges that this data was sold to over 100 third parties through Avast’s subsidiary, Jumpshot, without adequate anonymization, allowing for possible re-identification of users.

In addition to the financial penalty, Avast is now under several strict obligations. These include an outright ban on selling browsing data from Avast-branded products for advertising, a requirement to obtain explicit consent from consumers before selling browsing data from non-Avast products, and the deletion of all web browsing information transferred to Jumpshot. Moreover, Avast is compelled to notify consumers whose data was sold without consent and to implement a comprehensive privacy program addressing the misconduct highlighted by the FTC.

INSIDER TAKE

This ruling marks a significant moment in the ongoing battle for consumer data protection. Avast, once trusted by millions for its security and privacy solutions, has faced a substantial blow to its reputation. The FTC’s stringent actions reflect growing regulatory scrutiny on tech companies over data privacy violations. It sends a clear message to the industry about the importance of transparency and consent in data collection and usage.

The case also underscores a broader industry challenge: balancing business models based on data monetization with consumer privacy rights. As companies increasingly rely on user data for revenue, the temptation to exploit this information can lead to ethical and legal dilemmas.

For Avast, the financial penalty and imposed restrictions could lead to significant business model adjustments. The company will need to rebuild consumer trust and demonstrate a genuine commitment to privacy to recover from this setback: a hard lesson on staying true to a brand promise built around protecting the very subscribers it serves.