UK Software Company to Pay $16M Over FTC Privacy Claims
Avast misrepresented itself and sold user data without consent, the FTC alleged in a $16.5 million settlement announced with the U.K.-based software company Thursday. Since at least 2014, Avast has collected consumer browsing data through its browser extensions and antivirus software, according to the FTC complaint. Until 2020, Avast’s subsidiary Jumpshot sold the browsing information to more than 100 third parties, including “advertising, marketing and data analytics companies and data brokers,” the agency said. The company claimed it used an algorithm that removed identifying information but failed to “sufficiently anonymize consumers’ browsing information that it sold in non-aggregate form through various products,” the agency said. Chair Lina Khan said in a joint statement with Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya: “Exposing people’s detailed browsing data in ways that can be traced back to them marks an invasion of privacy and is likely to cause substantial injury. ... Businesses that sell or share browser history data without affirmatively obtaining people’s permission may be in violation of the law.” An attorney for Avast didn't comment.