La privacy dalla parte delle aziende
con spiegazioni semplici e operative, AI assisted
Osservatorio a cura del dott. V. Spataro 



   navigazione anonima 2024-02-24 ·  NEW:   Appunta · Stampa · Cita: 'Doc 98327' · pdf

FTC sanziona Avast - enfatizza la navigazione protetta ma non che vende i dati di navigazione

abstract:



Il marketing deve seguire le indicazioni delle condizioni legali, inventando frottole. La FTC spiega cosa sono le frottole: difendere la navigazione anonima e venderla a terze parti, senza consenso.

Fonte: ftc
Link: https://www.ftc.gov/news-events/news/press-release




analisi:

L'analisi è riservata agli iscritti. Segui la newsletter dell'Osservatorio oppure il Podcast iscrizione gratuita 30 giorni

..... .......... ...... ..... ......... .......... ...... ... .. ............. ... ..........

.. .... .. .....: .' ...... .'... ... ... ............. . . .... .. .......... ..... ...... ".....".

... .... .. ...... ..... ... .. ......... .. ....... ... ..... ......: ...... ...... ..... .........., ... ..... . .....

... .............. ..... ......




index:

Indice

  • Not only did Avast fail to inform consum
  • Prohibition
  • Obtain Affirmative Express Consent
  • Data and Model Deletion
  • Notify Consumers
  • Program



testo:

FTC Order Will Ban Avast from Selling Browsing Data for Advertising Purposes, Require It to Pay $16.5 Million Over Charges the Firm Sold Browsing Data After Claiming Its Products Would Block Online Tracking

FTC says despite its promises to protect consumers from online tracking, Avast sold consumers' browsing data to third parties
February 22, 2024

The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.

In its complaint, the FTC says that Avast Limited, based in the United Kingdom, through its Czech subsidiary, unfairly collected consumers’ browsing information through the company’s browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and without consumer consent. The FTC also charges that Avast deceived users by claiming that the software would protect consumers’ privacy by blocking third party tracking, but failed to adequately inform consumers that it would sell their detailed, re-identifiable browsing data. The FTC alleged Avast sold that data to more than 100 third parties through its subsidiary, Jumpshot. 

“Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.” 

Since at least 2014, the FTC says Avast has been collecting consumers’ browsing information through browser extensions, which can modify or extend the functionality of consumers’ web browsers, and through antivirus software installed on consumers’ computers and mobile devices. This browsing data included information about users’ web searches and the webpages they visited—revealing consumers’ religious beliefs, health concerns, political leanings, location, financial status, visits to child-directed content and other sensitive information.

According to the complaint, not only did Avast fail to inform consumers that it collected and sold their browsing data, the company claimed that its products would decrease tracking on the Internet. For example, when users searched for Avast’s browser extensions, they were told Avast would “block annoying tracking Cookies that collect data on your browsing activities” and promised that its desktop software would “shield your privacy. Stop anyone and everyone from getting to your computer.” 

After Avast bought Jumpshot, a competitor antivirus software provider, the company rebranded the firm as an analytics company. From 2014 to 2020, Jumpshot sold browsing information that Avast had collected from consumers to a variety of clients including advertising, marketing and data analytics companies and data brokers, according to the complaint.

The company claimed it used a special algorithm to remove identifying information before transferring the data to its clients. The FTC, however, says the company failed to sufficiently anonymize consumers’ browsing information that it sold in non-aggregate form through various products. For example, its data feeds included a unique identifier for each web browser it collected information from and could include every website visited, precise timestamps, type of device and browser, and the city, state, and country. When Avast did describe its data sharing practices, Avast falsely claimed it would only transfer consumers’ personal information in aggregate and anonymous form, according to the complaint.

The FTC says the company failed to prohibit some of its data buyers from re-identifying Avast users based on data that Jumpshot provided. And, even where Avast’s contracts included such prohibitions, the contracts were worded in a way that enabled data buyers to associate non-personally identifiable information with Avast users’ browsing information. In fact, some of the Jumpshot products were designed to allow clients to track specific users or even to associate specific users—and their browsing histories—with other information those clients had. For example, as alleged in the complaint, Jumpshot entered into a contract with Omnicom, an advertising conglomerate, which stated that Jumpshot would provide Omnicom with an “All Clicks Feed” for 50% of its customers in the United States, United Kingdom, Mexico, Australia, Canada, and Germany. According to the contract, Omnicom was permitted to associate Avast’s data with data brokers’ sources of data, on an individual user basis. 

In addition to paying $16.5 million, which is expected to be used to provide redress to consumers, the proposed order, will prohibit Avast and its subsidiaries from misrepresenting how it uses the data it collects. Other provisions of the proposed order include:

  • Prohibition on Selling Browsing Data: Avast will be prohibited from selling or licensing any browsing data from Avast-branded products to third parties for advertising purposes;
  • Obtain Affirmative Express Consent: The company must obtain affirmative express consent from consumers before selling or licensing browsing data from non-Avast products to third parties for advertising purposes;
  • Data and Model Deletion: Avast must delete the web browsing information transferred to Jumpshot and any products or algorithms Jumpshot derived from that data;
  • Notify Consumers: Avast will be required to inform consumers whose browsing information was sold to third parties without their consent about the FTC’s actions against the company; and
  • Implement privacy Program: Avast will be required to implement a comprehensive privacy program that addresses the misconduct highlighted by the FTC.

The Commission voted 3-0 to issue the administrative complaint and to accept the proposed consent agreement. FTC Chair Lina M. Khan joined by Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya issued a statement on this matter.

The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments will appear in the published notice. Once processed, comments will be posted on Regulations.gov.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $51,744.

The lead staff attorneys on this matter are Cathlin Tully and Andy Hasty from the FTC’s Bureau of Consumer Protection.

The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.

---

Statement of Chair Lina M. Khan
Joined by Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro M. Bedoya
In the Matter of Avast Limited
Commission File No. 202-3033
February 21, 2024

A person’s browsing history can reveal extraordinarily sensitive information. A record of the websites someone visits can divulge everything from someone’s romantic interests, financial struggles, and unpopular political views to their weight-loss efforts, job rejections, and gambling addiction.

Aware that internet users may want to protect their browsing history from data brokers and other trackers, some firms now market services to provide privacy protections online. Avast is one such firm. Since at least 2014, Avast has distributed browser extensions that it promoted through promising users enhanced privacy. It claimed, for example, that its products would

“block[] annoying tracking Cookies that collect data on your browsing activities” and “[p]rotect your privacy by preventing . . . web services from tracking your online activity.” It also stated that any sharing of user information would be in “anonymous and aggregate” form.1

The Commission’s complaint charges that these statements by Avast were deceptive. The complaint details how Avast collected highly detailed browsing data from millions of users and then, through its subsidiary Jumpshot, sold those browsing records to over a hundred clients, including major advertising firms. Avast also released this data in individualized, re-identifiable form, allowing these browsing histories to be traced back to specific people—in direct contravention of what Avast had promised. 2 While the FTC’s privacy lawsuits routinely take on firms that misrepresent their data practices, Avast’s decision to expressly market its products as safeguarding people’s browsing records and protecting data from tracking only to then sell those records is especially galling. 3 Moreover, the volume of data Avast released is staggering: the complaint alleges that by 2020 Jumpshot had amassed “more than eight petabytes of browsing information dating back to 2014.” Indeed, one advertising firm received detailed browsing information on 50 percent of Avast’s entire user base world-wide, spanning the United States, United Kingdom, Mexico, Australia, Canada, and Germany.4

The FTC charges that Avast’s conduct here was not only deceptive, but also an unfair practice, violating Section 5 of the FTC Act. Exposing people’s detailed browsing data in ways that can be traced back to them marks an invasion of privacy and is likely to cause substantial injury. Because it is intrinsically sensitive, browsing data warrants heightened protection. Businesses that sell or share browser history data without affirmatively obtaining people’s permission may be in violation of the law.

Today’s action against Avast further builds out the Commission’s work establishing that sensitive data triggers heightened privacy obligations and a default presumption against its sharing or sale. Through a series of cases, the FTC has been expounding on how firms are legally required to safeguard sensitive data. Kochava, X-Mode, and InMarket highlighted the sensitivity of precise geolocation data.

In Rite Aid and Alexa, the FTC highlighted the sensitivity of biometric data, such as facial attributes and voice recordings of children.6 And in GoodRx, BetterHelp, and Premom, we underscored the heightened sensitivity of people’s health information. 7 Today, we underscore the sensitivity of yet another type of information: people’s browsing records.

Across these cases, we have established that businesses by default cannot sell people’s sensitive data or disclose it to third parties for advertising purposes. We have also pursued bright-line bans. In Rite Aid, where we alleged that Rite Aid used unfair and discriminatory facial recognition software, we are seeking to ban its use of facial recognition for five years. In a trio of matters, GoodRx, BetterHelp, and Premom—all cases where health apps promised to keep secure users’ highly personal health information but then turned around and sold that data to third parties for advertising purposes—we banned those companies from selling consumers’ health information for such purposes. Here, we have obtained a similar ban, for the first time, with respect to a non-health service. Today’s order also secures $16.5 million in relief—the highest monetary remedy in a de novo privacy violation case.

I am very grateful to the Division of privacy and Identity Protection for their terrific work to protect Americans from privacy invasions and commercial surveillance, especially as it concerns their most sensitive data.


Link: https://www.ftc.gov/news-events/news/press-release

Testo del 2024-02-24 Fonte: ftc




Commenta



i commenti sono anonimi e inviati via mail e cancellati dopo aver migliorato la voce alla quale si riferiscono: non sono archiviati; comunque non lasciare dati particolari. Si applica la privacy policy.


Ricevi gli aggiornamenti su FTC sanziona Avast - enfatizza la navigazione protetta ma non che vende i dati di navigazione e gli altri post del sito:

Email: (gratis Info privacy)






Nota: il dizionario è aggiornato frequentemente con correzioni e giurisprudenza










La privacy dalle basi fino all'attualità.
Udemy lo consiglia alle aziende.
adv IusOnDemand