The Federal Trade Commission (FTC) has issued a significant ruling against its member company, Avast, following claims that the cybersecurity giant engaged in deceptive practices by selling users’ web browsing data. The FTC announced on Thursday that it will ban Avast from selling such data to advertisers and settle related charges for $16.5 million. This settlement is intended to address user privacy concerns and compensate those affected by improper data sales.
Background: Avast’s Alleged Practices
Avast, a well-known antivirus software provider, has long advertised its products as safeguarding users’ privacy through advanced security features designed to prevent online tracking. However, the FTC alleges that Avast violated consumer protection laws by leveraging its browser extensions to collect extensive browsing habits and other sensitive data.
The FTC’s Charges
The regulator claimed that Avast collected users’ web search history, visited websites, and even gathered information about their religious beliefs, health conditions, political inclinations, and locations. These data points were allegedly sold to numerous companies, including tech giants like Google, Yelp, Microsoft, Home Depot, and consulting firms such as McKinsey.
Jumpshot’s Role
A key piece of evidence in the FTC’s case was the now-defunct subsidiary, Jumpshot, which Avast utilized to sell its sensitive data. In a January 2020 investigation by Vice News and PCMag, it was revealed that Jumpshot sold data to external entities for profit. The FTC argued that Avast knew about these practices but failed to disclose them to users.
The Settlement
The FTC’s settlement aims to rectify the situation by ensuring compliance with privacy laws. By requiring Avast to halt its data-sharing activities, the regulator seeks to protect consumers from further exploitation while addressing the company’s legal violations.
Impact of the Decision
This ruling marks a significant step in regulating the cybersecurity industry. It underscores the importance of transparency and accountability for tech companies handling user data. The FTC’s action is expected to set precedents for similar investigations into other firms involved in comparable practices.
Post-Banning Measures
Avast has not yet responded to the FTC’s allegations, but the company’s member status within the FTC may be impacted moving forward. The regulator has until March 15 to finalize its decision on whether to impose additional penalties or take further action against Avast.
Related Cybersecurity News
- FTC Targets Avast for Data Mismanagement: The commission launches probes into Avast’s alleged violations of consumer privacy laws.
- Jumpshot Subsidiary Alleged Data Selling Practices: An internal investigation uncovers Avast’s exploitation of user data through its subsidiary.
- Avast Admits to Flaws in Privacy Protections: The company confirms that its browser extensions collected more extensive user data than previously disclosed.
Conclusion
The FTC’s decision to ban Avast from selling user data represents a pivotal moment for the cybersecurity industry. It highlights the need for robust regulatory frameworks to protect consumers’ privacy and hold companies accountable for their practices.