The Federal Trade Commission (FTC) has filed a serious complaint against antivirus giant Avast and its subsidiary Jumpshot. The complaint alleges deceptive practices and a massive breach of privacy involving the collection and sale of highly sensitive user browsing data.

“While the FTC’s privacy lawsuits routinely take on firms that misrepresent their data practices, Avast’s decision to expressly market its products as safeguarding people’s browsing records and protecting data from tracking only to then sell those records is especially galling,” said FTC Chair Lina M. Khan.

“Moreover, the volume of data Avast released is staggering: the complaint alleges that by 2020 Jumpshot had amassed “more than eight petabytes of browsing information dating back to 2014.”

Besides being ordered to pay $16.5 million, Avast will be prohibited from licensing or selling any browsing data collected using Avast-branded products to third parties for advertising purposes.

The company will have to obtain consent from all customers before selling or licensing browsing data obtained from non-Avast products. 

The FTC will also require Avast to delete all web browsing data shared with Jumpshot and any products or algorithms developed by Jumpshot using said data. 

AMD Investigates Alleged Data Breach, Stolen Company Data Claims Emerge