At least they have the decency to tell you. Or do they? There is the usual, industry-standard, alarming lack of detail regarding what they are collecting and how it is being used. For example, AVG may delete your data on request or after a time limit, but what about their customers who bought the data?
Things like this should be opt-in only, and consent is only valid when it is informed consent.
Regarding anonymisation, if the information being passed on is kept as individual users then it can be surprisingly easy to identify the individual concerned. It is not sufficient to simply remove user names & IP addresses. If they are passing on your browsing history then there is likely to me more than enough information to identify you with reasonable precision. Include a tiny amount of location information and gotcha!
(This is why I opted-out of the government's big NHS data project, although it has been reported that opt-outs have been ignored.)