Get compensation for Avast data breach

Introduction

Avast Software s.r.o. was finally sentenced to pay a fine of CZK 351 million for unauthorised processing of personal data of users of its antivirus software and its browser extensions. This processing, which took place for part of 2019, involved sharing the data of approximately 100 million users with a subsidiary of Jumpshot, INC. This data, particularly pseudonymized internet browsing history, was passed to third parties, including marketers for analysis of consumers’ online behavior.

Avast informed users that the data was anonymous and only used for trend analysis, but the Office for Personal Data Protection (OPPD) found that the data was not truly anonymized and allowed for potential re-identification of users. In addition, it was found that the purpose of the processing was not just to produce statistics as stated.

In its decision, the CAO emphasized that Avast, as a cybersecurity expert, violated its customers’ expectations in protecting their private data. This decision, which also concerns a case of cross-border processing of personal data within the European Union, was addressed through the One Stop Shop’s cooperation mechanism with other supervisory authorities in the EU.

In response to the fine, Avast said that the decision relates to Jumpshot’s past activities, which the company voluntarily closed in January 2020, and that it disagrees with the verdict. The company is considering further action, including filing an administrative lawsuit.

In February, Avast was already fined $16.5 million by the Federal Trade Commission in the US for similar charges relating to the collection and sale of consumer information for advertising purposes.

The decision of the OOOO is final and the fine must be paid. This entire case is taking place in the context of Avast’s recent merger with NortonLifeLock in December 2022, with the newly formed giant under the name Gen Digital emerging from an $8.6 billion deal and now serving more than half a billion users.

Key findings:

• Avast has to pay a fine of CZK 351 million for unauthorised processing of personal data, which included data of about 100 million people transferred to its subsidiary Jumpshot.
• The CAO emphasized that Avast violated its customers’ trust in privacy protection because the data allowed for the re-identification of users, despite claims of anonymization.
• The decision is final and relates to Avast’s global activities, including its merger with NortonLifeLock, which created a new Gen Digital company with more than half a billion users.
• Whether you’ve been affected or are just exploring your options, you can take advantage of

Sources

1. Drtina M. Avast za přeprodej osobních dat uživatelů dostal pokutu od ÚOOÚ [AKTUALIZOVÁNO] [Internet]. Lupa.cz. 2024. Dostupné z: https://www.lupa.cz/aktuality/avast-za-preprodej-osobnich-dat-uzivatelu-dostal-pokutu-od-uoou/
2. Avast dostal pokutu 351 milionů [Internet]. Dostupné z: https://www.novinky.cz/clanek/ekonomika-pokuta-pro-avast-40467963
3. Řepka M. ÚOOÚ uložil pokutu 351 mil. Kč za porušení GDPR [Internet]. Úřad Pro Ochranu Osobních Údajů. 2024. Dostupné z: https://uoou.gov.cz/novinky/vse/uoou-ulozil-pokutu-351-mil-kc-za-poruseni-gdpr