Lina Khan-led FTC fines cybersecurity firm Avast $16.5 mn for selling browser data
The US Federal Trade Commission (FTC) has issued a fine of $16.5 million on the cybersecurity company Avast over the charges that the firm sold browsing data to third parties after claiming its products would block online tracking
image for illustrative purpose
San Francisco, Feb 23: The US Federal Trade Commission (FTC) has issued a fine of $16.5 million on the cybersecurity company Avast over the charges that the firm sold browsing data to third parties after claiming its products would block online tracking.
According to FTC, the firm did the opposite instead of what it claims. Despite its promises to protect consumers from online tracking, it sold consumers' browsing data to third parties -- without users' knowledge or consent.
"Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite. Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law," Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said in a statement.
The FTC alleged that the cybersecurity firm sold that data to over 100 third parties through its subsidiary, Jumpshot.
The Lina Khan-led agency also noted that Avast has been collecting users' browsing data through browser extensions since at least 2014, which can modify or extend the functionality of consumers’ web browsers, and through antivirus software installed on their computers and mobile devices.
"This browsing data included information about users’ web searches and the webpages they visited -- revealing consumers’ religious beliefs, health concerns, political leanings, location, financial status, visits to child-directed content and other sensitive information," the agency mentioned.
In addition to paying $16.5 million, the proposed order will prohibit Avast and its subsidiaries from misrepresenting how it uses the data it collects.
Other provisions of the proposed order include -- prohibition on selling browsing data, obtain affirmative express consent, data and model deletion, notify consumers, and implement privacy programme.