Avast has pulled the plug on the department responsible for reselling anonymized data to third parties and apologised: for the antivirus firm, these measures have come just too late in the Czech Republic, where an investigation has already been started into Avast’s practices.
At the end of January, it became clear that Avast was selling browser data from customers to parties including Amazon. Anonymised, but because of the precision of the data (provided with timestamps) certain parties could easily link browser data to their own data in order to still build up an individual’s profile. After Motherboard and PCMag raised this issue, the CEO of Avast apologised and pulled the plug on the division responsible for collecting that data, namely Jumpshot.
Czech Republic still starts research
In a statement, the Director of the Czech Office of Personal Data Protection announced that an investigation has been launched into Avast’s practices, as she believes it is a ‘significant breach of personal data protection’.
Avast states that it is indeed under investigation and is cooperating fully with the investigation. Should it be decided to impose a fine for ignoring the European data protection legislation (General Data Protection Regulation, the GDPR), Avast will incur considerable costs. The fine can amount to ten million, or two percent of the total profit over a year. This depends on which of those two amounts is higher.