The Czech IB-company Avast has been fined $14.8 million for violating GDPR regulations by the Czech Republic’s Office for Personal Data Protection (úOOU). The penalty was imposed after an investigation into the activities of Avast’s Czech branch, Jumpshot.
úOOU found that in 2019, Avast processed personal data of users of its antivirus and browser extensions without consent. More than 100 million users’ data was shared with Jumpshot, which was involved in selling user behavior analysis to third parties.
According to úOOU, Avast misled users by claiming to use secure methods of data handling, while some information could still identify users.
úOOU highlighted that Avast, a leader in cybersecurity offering tools for protecting data and privacy, should not disclose customers’ personal information that could reveal their identity, interests, location, financial situation, profession, and other private details.
In response, Avast’s representative stated disagreement with úOOU’s conclusions and facts characterization and is considering legal action. The company affirmed its dedication to customer data privacy and announced measures to enhance privacy practices. Avast remains actively engaged in data confidentiality initiatives.
Earlier this year, Avast settled a similar case with the US Federal Trade Commission by agreeing to pay $16.5 million. In 2020, the company ceased Jumpshot’s operations and committed not to sell browsing data for advertising purposes.