The Federal Trade Commission (FTC) has finalized an order banning Avast Limited from selling, disclosing, or licensing web browsing data for advertising purposes. This decision, which includes a $16.5 million settlement, follows allegations that Avast and its subsidiaries engaged in deceptive practices by selling consumer browsing information after promising to protect users from online tracking.

Allegations and Findings

In a complaint announced in February, the FTC alleged that Avast and its Czech subsidiary collected consumer browsing data through browser extensions and antivirus software without adequate notice or consumer consent. The data, which included sensitive information such as religious beliefs, health concerns, political views, and financial situations, was sold to over 100 third parties via Avast’s subsidiary, Jumpshot. The FTC charged that Avast misled consumers by claiming its software would protect their privacy while failing to adequately anonymize the data, allowing for potential re-identification.

Settlement Terms

Under the finalized order, Avast is required to:

• Ban on Data Sales: Cease selling or licensing any web browsing data for advertising purposes.
• Monetary Settlement: Pay $16.5 million, which will be used for consumer redress.
• Data Deletion: Delete all web browsing information transferred to Jumpshot and any derived products or algorithms.
• Consumer Notification: Inform consumers whose data was sold without their consent about the FTC’s actions.
• Privacy Program: Implement a comprehensive privacy program to address the misconduct highlighted by the FTC, including obtaining affirmative express consent from consumers before selling or licensing browsing data from non-Avast products.

FTC’s Decision and Public Comments

The FTC’s final order was approved with a 3-0-2 vote, with Commissioners Melissa Holyoak and Andrew N. Ferguson not participating. The decision follows the consideration of public comments, which generally supported the FTC’s actions and suggested additional measures to enhance consumer privacy protection.

INSIDER TAKE

The FTC’s stringent measures against Avast underscore the growing regulatory scrutiny on companies regarding data privacy violations. By mandating a comprehensive privacy program and requiring explicit consumer consent for data sales, the FTC aims to restore consumer trust and ensure transparency in data handling practices.

The financial penalty and operational restrictions imposed on Avast signal the agency’s commitment to safeguarding consumer privacy. For Avast, the repercussions of this settlement extend beyond the monetary fine. The company must now rebuild its reputation and demonstrate a renewed commitment to privacy principles to regain consumer confidence.

This case also highlights a broader challenge: balancing data monetization strategies with consumer privacy rights. As digital privacy concerns continue to escalate, companies must prioritize ethical data practices and transparency to avoid similar legal and reputational risks.

The FTC’s decisive action against Avast serves as a stark reminder to the industry that consumer privacy cannot be compromised, and regulatory bodies will hold companies accountable for any practices they deem deceptive or unfair.