FTC Announces $16.5 Million Settlement Against UK Service Provider and Ban from Selling Browsing Data for Advertising Purposes

2 months ago AndyC

Listen to this post

On February 22, 2024, the Federal Trade Commission

FTC Announces .5 Million Settlement Against UK Service Provider and Ban from Selling Browsing Data for Advertising Purposes
Listen to this post

On February 22, 2024, the Federal Trade Commission announced a settlement order against Avast Limited (“Avast”) requiring Avast to pay $16.5 million and prohibiting Avast from selling or licensing any web browsing data for advertising purposes. This ban is to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.

In the FTC’s complaint, the FTC alleged that Avast, through its Czech subsidiary, unfairly collected consumers’ browsing information since at least 2014 through Avast’s browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and without consumer consent. The FTC also alleged that the company deceived users by claiming that the software would protect consumers’ privacy by blocking third-party tracking, and that any sharing would be in “anonymous and aggregate form,” but failed to adequately inform consumers that it would sell their detailed, re-identifiable browsing data. In addition, the FTC alleged that the company sold that data to more than 100 third parties through its subsidiary, and did not prohibit many of the data buyers from re-identifying the data.

In its proposed order, the FTC sought a $16.5 million settlement in order to provide redress to consumers. The proposed order prohibits Avast from selling, licensing or otherwise sharing any browsing data from Avast-branded products to third parties for advertising purposes.  It also prohibits Avast from making further misrepresentations about the data. In addition, the proposed order will require Avast to:

  • obtain affirmative express consent from consumers before using browsing data for advertising purposes, and before selling or licensing browsing data from non-Avast products to third parties for advertising purposes;
  • delete the web browsing information transferred to Jumpshot and any products or algorithms Jumpshot derived from that data;
  • inform consumers whose browsing information was sold to third parties without their consent about the FTC’s actions against the company; and
  • implement a comprehensive privacy program that addresses the misconduct highlighted by the FTC.

This case is notable in that the FTC penalized a non-U.S. company, and reflects a growing trend in the FTC’s targeting of data brokers for enforcement in recent months.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , ,

More Stories

CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

1 day ago AndyC
CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy

CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy

2 days ago AndyC
New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act

New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act

3 days ago AndyC
EDPB Issues Opinion on Pay-Or-Consent Models

EDPB Issues Opinion on Pay-Or-Consent Models

5 days ago AndyC
UK ICO Launches Latest Installment in the AI Consultation Series

UK ICO Launches Latest Installment in the AI Consultation Series

1 week ago AndyC
Connecticut Attorney General Issues Report on Privacy Law Enforcement Priorities

Connecticut Attorney General Issues Report on Privacy Law Enforcement Priorities

2 weeks ago AndyC

You may have missed

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

9 mins ago AndyC

Friday Squid Blogging: Searching for the Colossal Squid

6 hours ago AndyC
Showcasing Artwork by Max for Autism Awareness Month

Showcasing Artwork by Max for Autism Awareness Month

6 hours ago AndyC

How to Remove Personal Information From Data Broker Sites

12 hours ago AndyC
Experts warn of malware campaign targeting WP-Automatic plugin

Experts warn of malware campaign targeting WP-Automatic plugin

12 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.