February 22, 2024 at 11:55AM
The FTC ordered Avast to pay $16.5 million and banned it from selling users’ web browsing data. The complaint alleges Avast harvested consumers’ data without consent and mislead them about privacy protection. Avast must obtain consent before selling browsing data and delete shared data. The company’s surveillance tactics compromised privacy and broke the law.
Based on the meeting notes, the key takeaways are:
1. The U.S. Federal Trade Commission (FTC) has ordered Avast to pay $16.5 million and prohibited the company from selling or licensing users’ web browsing data for advertising purposes.
2. Avast violated consumers’ rights by collecting, storing, and selling their browsing data without their knowledge and consent, while misleading them about the privacy protection offered by their software.
3. The volume of data released by Avast is significant, with more than eight petabytes of browsing information amassed by 2020.
4. Avast harvested consumers’ web browsing information without their knowledge or consent, using browser extensions and antivirus software since at least 2014, and sold it to over 100 third parties through their Jumpshot subsidiary.
5. The company falsely claimed to only transfer users’ personal information in an aggregate and anonymous form, while storing this information indefinitely and making agreements with third parties for data access.
6. Avast misled users by promising to protect their privacy from third-party tracking but failed to inform them that their detailed, re-identifiable browsing data would be sold.
7. In addition to the financial penalty, the FTC will require Avast to obtain consent before selling or licensing browsing data, delete all shared web browsing data, and notify users whose data was sold without consent.
This summary captures the main points from the meeting notes regarding the FTC’s actions against Avast for privacy violations.