The Federal Trade Commission today announced that it’s fining U.K.-based Avast PLC $16.5 million for selling its customer data to third-party data brokers.

Avast, one of the antivirus giants of the world, had advertised its product as a shield against people’s browsing data being collected and sold on to brokers. Yet it was doing exactly that, according to the FTC, calling it an “irony” as well as an “injury.”

The FTC’s investigation states that between 2014 and 2020, people using the Avast antivirus software on their devices had their web browsing information secretly harvested. This included information pertaining to location, financial status, religious beliefs, health and political views.

“The vast majority of consumers would not know that the Avast Software would surveil their every move on the Internet or that their browsing information might be sold to more than 100 third parties and stored indefinitely, in granular, re-identifiable form,” said the FTC complaint.

The report states that Avast stored that data “indefinitely” while assuring its customers it would block “annoying tracking cookies that collect data on your browsing activities” and would “stop anyone and everyone from getting to your computer” and “making money off your searches.”

Avast was doing just that, resulting from the 2014 acquisition of the antivirus firm Jumpshot, which Avast rebranded as an analytics company. Jumpshot promised “unique insights to make better business decisions” and to help clients see where their audience was “going before and after they visit your site or your competitors’ sites.”

One of its marketing slogans was “Every search. Every click. Every buy. On every site.” The Avast antivirus software had 430 million customers worldwide, while Jumpshot claimed it had access to 100 million devices.

Avast shut down its harvesting arm in 2020 after investigations into its data privacy practices. Although the company said it always anonymized the data it sold, the FTC said it “failed to sufficiently anonymize consumers’ browsing information” adding that these packages consisted of “astonishing detail about individual consumers’ browsing habits.”

In a statement, Avast said it disagreed with the“allegations and characterization of the facts,” but it was “pleased to resolve this matter.”

Photo: Dayne Topkin/Unsplash