Czechia: Issued UOOU riling following investigation into Avast over alleged illegal sales of user data including CZK 351 million fine

On 15 April 2024, the Czech Office for Personal Data Protection (UOOU) imposed a fine of CZK 351 million on Avast Software for the unauthorised processing of personal data of its antivirus program and browser extensions users during part of 2019. Avast was found to have transmitted the pseudonymised Internet browsing history of approximately 100 million users to Jumpshot under the pretence of trend analysis. However, the data was not adequately anonymised, leading to potential re-identification of individuals. The practice contradicts Avast's stated purpose of creating statistical analyses and breaches the trust of its users, who rely on Avast for cybersecurity and data privacy protection. The case, involving cross-border data processing within the European Union, was investigated in cooperation with other EU supervisory authorities under the One Stop Shop mechanism.