Avast hit with multimillion-euro fine for GDPR failure

Punishment relates to Avast data processing before 2020

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity andantiviruscompany Avast has been hit with a €13.7 million ($14.9 million) fine for processing customers’ data illegally as per GDPR requirements.

Spanish not-for-profit NGO Facua, which focuses on consumer rights matters, made Spain’s Agency for Data Protection aware that Avast had collected and sold private browsing data, including identifying data, without knowledge or authorization.

Facua credits PCMag and Motherboard for first bringing the matter to public attention, which saw Avast wrongly handling personal data under its subsidiary, Jumpshot.

Avast GDPR fine

Data packaged by Jumpshot from companies likeGoogle,Microsoft, Yelp, Home Depot, Sephora, Loreal, and more, was sold on the pretense that it could “provide companies with a more complete view of the entire online user journey” (viaFacua).

The NGO highlights some of the data that was collected by Avast, includingGoogle Mapslocation searches and GPS coordinates, videos viewed onYouTube, profiles on LinkedIn, and even more broadly, Google web searches.

These are the best privacy tools and anonymous browsers>Twitter faces privacy scrutiny over claims it fails GDPR>Meta fined €390M over GDPR breaches for its ad and data handling practices

Having transferred the case to the Czech Republic, the Czech Administration has ruled that Avast has committed a number of violations against the GDPR relating to processing personal data, “failing to sufficiently inform the data subjects (users of the Avast antivirus program and its browser extension) at the time the data was obtained from them, about the purposes of the treatment for which they were intended and on the legal basis of the treatment in question.”

AGenspokesperson toldTechRadar Proon behalf of Avast:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Avast closed down Jumpshot in January 2020, and with this terminated the processing of customer data by Jumpshot, as stated in theblogpost. The Czech DPA investigation relates to the historic processing of personal data before January 2020. The Czech DPA started its investigations in February 2020, and till today, the proceedings are still ongoing, a final decision has not been issued yet. Therefore, we cannot provide any comments.

Since January 2020, Avast reaffirmed its commitment to taking all necessary steps to keep its users’ data safe and private. Avast swiftly closing down Jumpshot demonstrates how seriously it has taken this situation. Avast has continued to take proactive measures to ensure that its privacy practices are a top priority and maintains active participation in global privacy-first organizations and initiatives, including partnering with industry-leading privacy advisors such asTrustArcthrough which Avast earned the TRUSTe privacy certification, and working closely withOneTrustand theFuture of Privacy Forum.”

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Windows PCs targeted by new malware hitting a vulnerable driver