EPIC Applauds FTC Prohibition Against Avast’s Disclosure of Sensitive Information for Advertising Purposes

In comments filed earlier this month, EPIC praised the Federal Trade Commission’s consent decree against Avast Limited, one in a series of recent FTC orders against large data controllers for disclosing sensitive consumer information. As detailed in the Commission’s complaint, Avast marketed software to consumers that the company promised would limit tracking online by blocking invasive third-party cookies. But even as it promised privacy protection, Avast collected and sold consumers’ sensitive browsing information to third parties.

In its comments, EPIC applauded the FTC’s proposed prohibition against Avast’s sale or disclosure of browsing data for advertising purposes. EPIC commended the FTC’s ongoing work to prevent such unfair and deceptive data practices—especially in cases where consumers take proactive steps to protect their privacy yet are harmed by a business’s bait-and-switch. EPIC offered two suggestions to make the final order stronger: (1) extend the prohibition to cover the sale or disclosure of browsing information for other purposes, including sales of personal data to national security authorities, and (2) incorporate a comprehensive data minimization framework to limit the collection, disclosure, and retention of personal data.

EPIC has previously called on the FTC to impose data minimization requirements to protect consumers’ privacy and routinely advocates for protections against the sale of personal information to national security and law enforcement agencies.