FTC Guidance in the Avast Case: Selling and Collecting Data Deceptively!

FTC Guidance in the Avast Case: Selling and Collecting Data Deceptively!

– The #FTC found that Avast anonymization measures were insufficient to prevent re-identification. Even when contracts contained prohibitions on re-identification, the language allowed customers to join their first-party data to the data purchased from Avast.

– FTC has confirmed that anonymized has a concrete technical definition consistent with the de-identified and anonymized data exemptions in state & global data protection laws.

– Cannot claim the data is anonymized if it can be joined with other data assets.

– Shared pseudonyms and IDs that allow parties to share and combine their data will be considered de facto personal information where each party holds identifiable information about users.

– Even if both parties otherwise de-identify data before joining, the resulting data sets will often be identifiable to both parties.

– #Anonymization post-join and pre-processing will be necessary.

– FTC also pointed out that #storingdata indefinitely is not acceptable.

– FTC said the #breach of #customertrust is egregious especially when you market yourself as doing something and end up doing the opposite.

Settlement amount: $16.5 million

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top