Lies, Damn Lies, and Data Protection

Perusing the news this morning I was drawn back to the article about Jumpshot on TechCrunch, Avast’s marketing technology subsidiary. They announced it will shut down after pressures mounted after investigations uncovered that Jumpshot was harvesting & selling user behavior data from it’s anti-virus tech without offering consent and control.

Two things drew me back to reading.

1) How ‘typical’ this story is over the long term – this is certainly not the first nor the last story you’ll read about anti-virus software being a vector for data risks and threats.

2) This quote at the bottom from Avast’s CEO:

“During all those years, both Avast and Jumpshot acted fully within legal bounds – and we very much welcomed the introduction of GDPR in the European Union in May 2018, as it was a rigorous legal framework addressing how companies should treat customer data. Both Avast and Jumpshot committed themselves to 100% GDPR compliance.”


Comments like these from Avast expose the steep knowledge gap that exists between data & technology companies and the customers who rely on them for their services. Whether you want to talk about the letter or the spirit of the law, there’s no question that collecting, storing, and selling customer data information without their explicit consent does not comply – in fact it explicitly violates – GDPR and the protections and safeguards it requires.

These regulations are complicated — should every business leader read through each detail of the law and become a legal scholar on the subject? Absolutely not. But there are practical things you can watch out for when selecting your advertising, marketing, and cloud technology partners:

  • It’s very easy to say you are GDPR compliant, or CCPA compliant, or any number of various data protections and certifications. These are great signals to look for in a potential 3rd party data partner. But ask yourself when a potential vendor repeatedly and loudly claims they are as such, ask yourself if thou doth protest too much?

  • Be careful whenever a vendor offers you prospect or customer’s personal information that you didn’t have before, and you’re unsure about how it’s been collected. It doesn’t mean they’ve done anything unethical, illegal or non-compliant, but it’s a good place to pause and get someone to explain it their process to you in simple terms.

There’s plenty more to say, but remember that your business depends not only on how you collect, utilize, and protect information about your customers, but also on how that same data is being used by every 3rd party partner with which you do business. If you aren’t sure what 3rd parties your marketing & customer acquisition depends on today, learn more about how we can help.

About the Author

Matt Butler
Ex-Googler of 12 years, Matt was a founding member of Google’s analytical consulting team, developing analytics, statistical forecasting, auction modeling, and machine learning for companies such as Procter & Gamble, Coca-Cola, Unilever, Kohl’s, Best Buy, and many more. He went on to lead global technical partnerships before leaving to found Bonsai in February, 2020.