UK based cybersecurity software firm Avast has agreed to pay a $16.5 million fine for storing and selling customer information without their consent, the US Federal Trade Commission (FTC) announced on Thursday.
The company will also be banned from selling user data for advertising purposes, the FTC said.
In a detailed complaint, Avast is accused of unfairly collecting consumers’ browsing information through the company’s browser extensions and antivirus software, storing it indefinitely, and selling it without adequate notice and without consumer consent.
The complaint also charges that Avast deceived users by claiming that the software would protect consumers’ privacy by blocking third party tracking, but failed to adequately inform consumers that it would sell their detailed, re-identifiable browsing data.
The FTC alleges Avast sold that data to more than 100 third parties through its subsidiary, Jumpshot.
Commenting on the fine, Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said: “Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite. Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”
In a statement to The Verge, a spokesperson for Avast said: “We are committed to our mission of protecting and empowering people’s digital lives While we disagree with the FTC’s allegations and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”
Recent Stories