14 DAY TRIAL // The data protection watchdog in the Czech Republic has started an investigation of antivirus company Avast after an in-depth analysis of its data collection practices revealed that the vendor was selling browsing history info of over 100 million users to tech giants.
Avast’s clients included Google, Microsoft, and Home Depot, the investigation conducted by Motherboard and PCMag revealed.
Now the Czech authorities are looking into these practices to determine if the company mishandled personal data, an official announcement reads.
„At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users’ personal data. Based on the findings, further steps will be taken and general public will be informed in due time, “Ivana Janů, President of the Czech Office for Personal Data Protection, said.
Privacy concerns
Concerns over Avast’s data collection practices first appeared in 2019 when it was discovered that some of the company’s browser extensions for Google Chrome and Mozilla Firefox collected user information and then sold it to various third parties.
Shortly after that, both Google and Mozilla removed the extensions before Avast republished them with significant changes that reduced the amount of data collected from users’ computers.
An in-depth analysis of the data collection powered by Avast’s antivirus products also revealed that the company logged information such as Google and Google Maps searches, things people look for on YouTube, and even clicks on adult websites. Just like in the case of extensions, the collected data was anonymized, but as per Vice, several experts warned that it’s still possible to link an individual to a specific set of data.
The data collection was powered by Avast subsidiary Jumpshot, a company that the antivirus vendor eventually closed after the investigation revealed its practices. Avast told the cited source that it’s now working with the investigators.
“We are in receipt of the DPA's request and we will diligently work with the DPA in full cooperation. We take concern about our users' privacy very seriously, which is why we voluntarily made changes to our privacy policy in December, and made the decision to close Jumpshot last month,” Avast says.