AVG releases transparent privacy policy: Yes, we will sell your data

The antivirus firm tells us in a crystal-clear way what user data is collected and sold in return for freebie software.

Antivirus software provider AVG has fulfilled its CEO's pledge to create a one-page privacy policy -- and now tells us exactly what user data is collected for sale.

This week, the firm released its new privacy policy, which comes into effect on October 15 this year. As part of the policy, AVG will sell the data of its users to third parties in order to keep basic antivirus software free.

At Mobile World Congress 2015, AVG CEO Gary Kovacs said in a keynote the one-page policy is an important part of increasing consumer trust in laying out just what data is collected by the technology provider and how it is used.

The policy is short and sweet in comparison to traditional, lengthy terms and conditions which most of us -- if not all -- simply scan and click 'I accept" rather than try to decipher the jargon and spend a good hour straining our eyes to decipher the small print.

Within the new guidelines, AVG says non-personal data is collected. The company insists it cannot outline each and every type of data collected, but the list does include data concerning potential malware threats to your devices, how you use AVG software and information concerning your devices such as installation rates, language and manufacturer.

In addition, device security information -- including password attributes and encryption levels -- is collected, as well as "information about where our products and services are used, including approximate location, zip code, area code, time zone, and the URL you came from to reach our products."

This seems like a hefty list of data to collect, but there is more. AVG says "we collect non-personal data to make money from our free offerings so we can keep them free," and this includes:

  • Advertising ID associated with your device;
  • Browsing and search history, including metadata;
  • Internet service provider or mobile network you use to connect to our products; and
  • Information regarding other applications you may have on your device and how they are used.

If data is collected which makes you identifiable -- such as browsing history or search terms -- AVG says this information is considered personal and will be scrubbed.

"We may also aggregate and/or anonymize personal data we collect about you. For instance, although we would consider your precise location to be personal data if stored separately, if we combined the locations of our users into a data set that could only tell us how many users were located in a particular country, we would not consider this aggregated information to be personally identifiable," AVG states.

So where does this data go? While data deemed "personal" is not sold to third parties, it may be shared with affiliated AVG companies depending on the country and different data protection laws. Your IP may be shared with AVG's search providers, and affiliated vendors may be given information including your email address.

Information which is not considered personal may be shared with third-parties and publicly displayed.

Harvey Anderson, Chief Legal Officer at AVG commented:

"Without privacy online, there can be no security; and without security, there can be no trust. At AVG, we value our customers and believe they should know exactly how their information is being used by us.

Therefore, we have updated our Privacy Policy to make it simpler, clearer and more transparent -- representing only part of a continual evolution to improve AVG user choice and control."

Transparent the policy certainly seems to be, and it will be up to users whether or not they accept the sale of their data in return for a free product. Users can opt-out of certain data collection and usage policies, but instructions on how to do so will not be live until the new privacy policy goes into effect next month.

Read on: Top picks