Compliance Management, Privacy

Czech authorities investigating Avast over recent data collection practices

The Czech Republic's Office for Personal Data Protection (DPA) said in a brief statement today that it has launched a preliminary investigation into Avast Software s.r.o., following reports that the Prague-based antivirus company collected data from users of its free AV product and sold it via a separate business division.

"At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users' personal data," said Ivana Janu, president of the Czech Office for Personal Data Protection, in an official statement. "Based on the findings, further steps will be taken and general public will be informed in due time."

In October 2019, researcher Wladimir Palant published a blog post warning that Avast browser extensions (and those from its subsidiary AVG) would log users' IDs along with information on the websites they visited. This caused Google, Mozilla and Opera to remove these extensions until Avast implemented new privacy protections.

Avast was reportedly gathering the data and passing it along to to its marketing analytics subsidiary Jumpshot, which sold the data to third-party brands and market research companies. While Avast claimed it "de-identified" the data by removing personal details, a joint investigation by PCMag and Motherboard found that the modified data could be combined with additional information to still identify users and match them to real individuals. On Jan. 30 Avast announced it was shutting down its Jumpshot business.

"We are in receipt of the DPA's request, and we will diligently work with the DPA in full cooperation, said an Avast spokesperson in an official statement. "We take concern about our users' privacy very seriously, which is why we voluntarily made changes to our privacy policy in December, and made the decision to close Jumpshot last month. Avast's core mission is to keep its users' data safe online, and any practice that jeopardizes user trust is unacceptable. Protecting user privacy is embedded in everything we do in our business, and as such we remain focused on continuing to innovate our products for the benefit of our users and their privacy."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.