FTC Fines Avast for Selling User Data

In a decisive action that underscores the importance of digital privacy, the U.S. Federal Trade Commission has imposed a $16.5 million fine on the antivirus software vendor Avast. The company faced allegations of selling users’ browsing data to advertisers, a stark contradiction to its assurance of blocking online tracking.

The scrutiny began after an investigation by Motherboard and PCMag brought to light that Avast, through its subsidiary Jumpshot, had been collecting extensive online activities of users without their explicit consent. Reports claim that Avast sold this data—potentially traceable to individuals— to over 100 companies, sparking privacy concerns and accusations of deceptive practices.

Subsequent to these revelations, tech industry giants like Google and Mozilla raced to excise Avast’s questionable add-ons from their browsers. These antivirus extensions, shunned for resembling spyware, paradoxically threatened user security they professed to guard. This collective backlash galvanized Avast to terminate Jumpshot’s data harvesting operations.

Despite attempts at anonymizing data, [experts warn](https://www.vice.com/en/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation) of potential re-identification risks. The implications are significant, not least because Avast commands a vast user base, with over 435 million active users monthly. The anonymity veil, it seems, was uncomfortably thin.

The FTC’s fine, announced on February 5, 2024, is part of a larger crackdown on online privacy violations. The Commission emphasized that transparency and honesty are non-negotiable in the handling of user data. Avast has since agreed to terminate its data trading and implement rigorous privacy safeguards.

As customers grow warier of their digital footprints, Avast has redirected its focus towards user consent for data collection, toeing the line of privacy regulations. The controversy also catalyzed Avast’s merger with NortonLifeLock to form [Gen Digital](https://press.avast.com/nortonlifelock-completes-merger-with-avast), illustrating a reshaping of the cybersecurity landscape where consumer trust is pivotal.

In today’s digital age, data has become currency, but not without consequence. The FTC’s hefty fine on Avast is a clear message: companies bear a profound responsibility to safeguard the data with which users entrust them. In a world increasingly focused on privacy, the true value lies in respecting and protecting user data—a lesson Avast learned the hard way.