The changes in the EULA are obviously related to the new Avast features.
WebRep is one thing -- as the URL database is in the cloud, it's quite obvious that the URLs are being transferred to our servers. Similarly for FileRep (file hashes + metadata).
This is basically how these things work (the database cannot be stored locally, simply because it's a multi-terabyte thing).
Regarding the "personally identifiable information" clause - please note that the term "personally identifiable" is quite stringent. For example, the IP address is considered as "personally identifiable" (at least in the European jurisdiction). Yes, we have to work with your IP addresses (because that's how communication on the Internet works). Yes, we do store server-side logs (containing this info), as without them, we wouldn't be able to troubleshoot any infrastructure problems.
Regarding the transfer of the information to third parties or to other countries. Well, this is a bit subtler. We reserve the right to work with technology partners, and if useful, share some information with them (e.g. number of users running each version etc). The clause is probably little too vague (or too scary) - the EULA was written by our law firm and they always try to put in more than less.
(Same applies e.g. to the tracking cookies mentioned there -- avast currently doesn't do anything with these but they're still mentioned there)...
Thanks
Vlk