In the decision that might change the internet privacy standards in the future, the Federal Trade Commission (FTC) ruled the leader in software, Avast, the $16.5 million sum to pay. The privacy watchdog fines Avast as an additional penalty to the two charges that allegedly involved the sale of web users’ information to third parties by the security software manufacturer and its subsidiaries. While these companies pledged that their services would protect users from online tracking, the truth turned out to be quite the contrary. This exposed users’ trust and privacy, but did nothing to limit access to people who had been following them around for years.
UK-based Avast Limited along with its subsidiary in the Czech Republic began to suffer what can be possibly described as a ‘Data Leak’ scandal, whereby their browsing information was collected through browser extensions and antivirus software. Whether this data collection orchestrated was violating trust or without the consent of customers, it still happened without the permission of customers and companies. Yet, connection to the user limited ‘Avast’ to grab and sell the user’s personal information to the third parties. But more so, the company did not inform its users that this information could and would later be sold to other websites with their browsing activity being precisely identifiable.
While the consumer protection agencies spoke of aspirations, the Federal Trade Commission, whose mission included enforcing laws to protect users from false and misleading marketing practices, underscored the gap between rhetoric and realities. However, Samuel Levine, the head of the FTC’s Bureau of Consumer Protection, strongly rebuked Avast’s “surveillance tactics”; due to this, illegal activities like the breaching of consumers’ privacy were carried out to a large extent.
The FTC’s complaint demonstrates that since 2014, Avast has been accessing sensitive information of users through its software that include data on their financial status, political viewpoints, and health concerns, just to mention a few issues. Jumpsight collected the data, which was then sold to over a hundred third parties. It was done under Avast’s subsidiary, Jumpshot, rebranded as Avast Analytics Company.
Despite Avast arguing that the data gathered is anonymized before being sold, this did not prove to be adequate protection for the consumers’ data. The information sold contained personal details that could re-identify the users, and was not only aggregated and anonymized as promised by the company.
The settlement includes several critical stipulations:
- Prohibition on Selling Browsing Data: Avast is now barred from selling or licensing browsing data from its branded products for advertising purposes.
- Affirmative Express Consent: Avast must obtain explicit consent from consumers before selling or licensing browsing data from non-Avast products.
- Data and Model Deletion: All web browsing information transferred to Jumpshot, along with any derived products or algorithms, must be deleted.
- Consumer Notification: Avast is required to inform consumers whose data was sold without their consent about the FTC’s actions.
- Privacy Program Implementation: A comprehensive privacy program addressing the misconduct must be established by Avast.
This settlement, unanimously voted on by the FTC commissioners, underscores the importance of digital privacy and the need for transparency in how companies handle consumer data. It serves as a stark reminder of the potential consequences of betraying consumer trust and the importance of adhering to privacy laws and regulations.
The FTC’s actions against Avast highlight a commitment to protecting consumer privacy and ensuring companies are held accountable for their promises. As digital privacy becomes increasingly paramount, this case marks a significant step in the ongoing effort to safeguard consumers’ online data.
