A bombshell report exposed a highly-popular anti-virus application for collecting user data and selling it to a variety of large companies. A high-level probe has also been opened in Ireland to investigate both Tinder and Google. Read on for this week’s data privacy recap.
Leaked Documents Expose Sale of Web Browsing Data
A new investigation from Motherboard and PCMag has revealed a massive security mishap. The Avast antivirus program, which is used by hundreds of millions of people around the world, has been selling highly sensitive web browsing data to many huge companies. The report cites a trove of leaked data, contracts and other documents that show that the Avast software collects data, and then Avast subsidiary Jumpshot packages it and sells it. Some past clients include Google, Yelp, Microsoft, Pepsi, Home Depot, and others. Some of these clients paid top dollar for a so-called “All Clicks Feed” which tracks user behavior, clicks, and movement across various websites. Avast allegedly collects data on an opt-in basis, but many if not most users are unaware of this practice. As of now, Avast is defending the process: “The data is fully de-identified and aggregated and cannot be used to personally identify or target you. Jumpshot may share aggregated insights with its customers.”
Facebook’s Bug Bounty More Successful Than Ever
In a positive development from Facebook, news broke this week that Facebook’s bug bounty program – which rewards security researchers for finding data breaches and malicious code – found more of these harmful flaws than ever before this past year. The program also paid out its highest reward this year – $65,000 for a bug in Facebook’s own system that leaked data fragments. One of the big discoveries happened in October 2019, when researchers from Indiana University reported an issue related to third-party software-development kits that developers had incorporated into various Android and iOS mobile apps. The tools were stealing a variety of data, including names, gender identifications, and email addresses. In a new expansion, Facebook also selected outside researchers to scour Facebook Dating, Checkout on Instagram, and the website redesign codenamed FB5 before each product launched.
You Could Get Refunded for Yahoo Data Breaches
It seems almost ridiculous that we’re talking about it this late in the game, but Yahoo has officially announced that anyone affected by their various data breaches from 2012 to 2016 can now appeal for compensation. As a result of a class action lawsuit, that compensation is being offered in the form of either credit monitoring or cash. In total, Yahoo will dole out about $117.5 million, which will cover a minimum of two years of credit monitoring for individual users, or a cash payment of $100 to users who can prove they already have at least 12 months of credit monitoring, as well as compensation for time spent dealing with issues. If we learned anything from the similar Equifax situation, however, everyone and their mother will file for it and most people won’t get anything close to $100. We say it’s definitely still worth a shot.
Ireland Probes Google and Tinder
Google and Tinder are both under scrutiny this week after Ireland’s Data Protection Commission (DPC) opened two investigations. They hope to clarify exactly how both companies handle personal data, and assess their respective levels of transparency. A big part of that process is compliance under the GDPR. The strict privacy legislation demands that companies delete user data upon request and dole out comprehensive copies of users’ profile if they so desire. As for Google, the DPC will investigate how the company processes location data. If the DPC finds that Google and Tinder haven’t been fully compliant, tey could face fines of up to four percent of their total annual revenue in the previous year. And such a fine wouldn’t be without precedent. As of January 2020, the EU has imposed approximately $126 million in data privacy-related fines.
What do you think was the most important data story of the week? Reach out to us on social media and let us know.