The Federal Trade Commission (FTC) proposed Avast pay $16.5 million and be prohibited from selling any browser data to settle charges the software provider sold consumer information to third parties after promising it would not.

The commission voted 3-0 to issue an administrative complaint against Avast and accept a proposed consent agreement. A description of the consent agreement package will be published in the Federal Register and subject to public comment for 30 days, after which the agency will decide whether to finalize the order.

U.K.-based Avast Limited collected the private browsing preferences of consumers, stored it “indefinitely,” and sold the data without notifying the consumers or obtaining their consent, the FTC alleged in its complaint.