, 18 November 2020

From research to expanding our product portfolio, Avast has taken important steps throughout 2020 in support of privacy and data protection

2020 has been an odd year, to say the least. But one thing has stayed familiar: As we’ve moved more aspects of life online, cybersecurity and privacy threats have adapted to the new normal. We’ve seen an increase in phishing and credential-stuffing attacks, as well as the growth of both legitimate and illegitimate Covid-19 related apps and databases containing sensitive personal data, such as location and medical data.

With security and privacy software on over 400 million devices — and with a long history of combating cyber threats — Avast is particularly well positioned to respond to these emerging and growing threats. An increased amount of personal data is being collected in tandem with the higher rates of remote working, contact tracing and online shopping. This leads to an increased risk of personal data breaches, online scams, and abusive practices like digital stalking.

The use of ‘stalkerware’ – software running in the background on a device that can track people’s actions – has increased significantly during the pandemic. In July 2019, Google pulled eight such apps from the Play Store following research by Avast. Using our mobile threat detection platform apklab.io, Avast was able to identify eight malicious stalkerware apps and worked with Google to remove them from the Play Store. This year,  we published guidance on how to keep stalkerware at bay and how to detect, prevent, and remove stalkerware.

Avast has also taken a number of steps throughout 2020 to strengthen our commitment to privacy and data protection as fundamental human rights. In October, I joined as Chief Privacy Officer to oversee Avast's global privacy strategy and drive the company's privacy-by-design approach. Part of this strategy is reviewing internal policies and procedures at Avast. For example, the Privacy Policy — which was reviewed to ensure it was comprehensive and clear — and was awarded TRUSTe certification. This month, a new privacy microsite also launched with the goal of providing the public with further information on Avast’s privacy values and how they are applied in the work we do. We’re also redesigning our data governance approach to ensure we have an even clearer picture of how we use data, and to further enhance our accountability, security, and ability to ensure we process as little data as necessary. 

In order to ensure we are both learning from and contributing to best practices in privacy across the tech industry, Avast has also engaged with a number of expert partners in the world of privacy. Through our partnership with the Future of Privacy Forum (FPF), we engage with academics, advocacy groups, and industry players who are serious about promoting a privacy-centric approach. As Chief Privacy Officer, I will also represent Avast on the FPF advisory board, which provides input in support of transparency, user control, and the advancement of responsible data practices.

We also worked with chess grandmaster and Avast Security Ambassador Garry Kasparov and Roger Dingledine, the director, researcher and co-founder of the Tor Project, this year. Both men were keynote speakers for our CyberSec&AI Connected 2020 conference, which focused on the use of AI for privacy and security. We are committed to working with experts across the fields of privacy and security to ensure the development of strong solutions to emerging privacy threats.

We’ve also reached out to policymakers in the EU and US, offering our support and experience on cybersecurity, privacy, and data protection. We’ve had discussions about privacy and security frameworks, international data transfers, encryption, and the responsible regulation of emerging technologies such as AI — as well as how these technologies can be utilized to enhance privacy and security — with representatives from the European Commission, the European Parliament, and the US government, We’ve also promoted (and will continue to promote) the development of robust and consistent privacy law across the world, and tackled issues like surveillance and systemic privacy risks.

At the start of 2020, Avast decided to wind down its independent subsidiary, Jumpshot, after concerns arose about how Jumpshot processed personal data for the purposes of data analytics. Although the sharing of data between Avast and Jumpshot was designed in a way that was intended to fully protect user privacy, Avast acknowledged that we had fallen short of the expectations that our users had, and that, ultimately, this kind of data processing did not fit in with our privacy and user-centric values. That was why Avast decided to immediately cease that type of data processing. We treated it as a learning opportunity in the ongoing responsibility that every company has to continually improve their privacy practices. Taking swift and decisive action to address these concerns was an opportunity for Avast to go “beyond compliance” with data protection law and to act in a way that supports our belief in privacy as a fundamental human right.

This summer, Avast also launched a new product specifically aimed at giving people more control over their online privacy. Avast BreachGuard takes a three-pronged approach to protecting your data: monitoring, removing, and advising. BreachGuard scans for leaked personal data, alerting you if it ever shows up in a data breach or anywhere on the dark web; automates removal requests whenever your information is found exposed in an online database; and advises how to proactively enhance your online privacy, including how-to guides for common internet services and apps. Alongside our existing privacy-enhancing products, SecureLine VPN and AntiTrack, BreachGuard adds to the growing focus in Avast on providing users with greater control over whether and how their data is shared online.

All in all, it has been a busy year for privacy, and for Avast. Even as some degree of normality (hopefully) returns in 2021, we can expect that some of the effects of new online behaviors — such as increased use of remote working and video-conferencing — will remain.  There will continue to be plenty of work to do to ensure that the threats associated with these behaviors and developing technologies are addressed. Avast will continue to build on its decades of experience in the cybersecurity world (and more recently in privacy) to develop tools that put users in control of their digital fingerprint and to promote strong privacy and security practices amongst industry and policymakers.