AVG Antivirus is an antivirus application that uses tracking of user interactions.
AVG Antivirus has an installer that points at an End User License Agreement. Before the user is able to read this, it has already started tracking the user. The End User License Agreement does not even allow copy and paste to save selected information for a later point, but is available online as well. Usage behaviour tracking is described as “information about your […] use of Solutions”.
7.1. The term “Data,” as used in this Agreement and the Privacy Policy, means: (a) the information you provide to Vendor, another member of the Vendor Group, or a Vendor Partner in the course of ordering Solutions, including your name, billing address (including postal code), email address, phone number, payment card or account number, payment card or account verification code, payment card commencement date and expiration date, the account password you select for your account with Vendor or another member of the Vendor Group, and other Billing Data as defined in Vendor’s Privacy Policy (the “Privacy Policy”, which you can find here) (collectively, “Transaction Data”); (b) information Vendor, another member of the Vendor Group or a Vendor Partner collects in the course of processing and fulfilling your orders for Solutions, including information about the make, model, operating system and other identifying details of your Device, the name of your Internet service provider, your Internet Protocol (IP) address; and (c) information about your installation and use of Solutions ((b) and (c) collectively being referred to as “Service Data” in the Privacy Policy).
Is it spyware?
We use the ASCs definition of Tracking Software and Spyware:
- Tracking software
- Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”
- Spyware
- In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”
Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.
- Information
- Very insufficient: hidden deep within a page long EULA, user tracking is mentioned.
- Consent
- Bad: tracking starts before the user is informed.
- Control
- Good: after installation, the settings allow to disable selected telemetry. It is possible to disable telemetry for marketing without disabling.