Google makes changes to data collection policies for Chrome extensions
Last year, as part of Google’s Project Strobe, the company introduced new policies that required Chrome extensions to request only the permissions needed to implement their features. Google is now beefing up extension security even more, with new rules that require Chrome extension developers to disclose data collection policies.
Beginning January 2021, extensions in the Chrome Web Store will limit what extension developers can do with the data they collect. The new policy will also require developers to certify their data use practices, and display that information on the Chrome Web Store. Data disclosure collection is available to developers starting today so these changes can be implemented ahead of next year.
Regarding what developers can do with the data they collect, Google has four new policies:
- Ensuring the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension.
- Reiterating that the sale of user data is never allowed. Google does not sell user data and extension developers may not do this either.
- Prohibiting the use or transfer of user data for personalized advertising.
- Prohibiting the use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers.
If developers don’t provide privacy disclosures by the date stated above, a notice will be displayed on their Chrome Web Store listing. This is meant to inform users that the developer has yet to comply with Google’s new policies. Developers who want to participate in the new policies will need to provide data usage disclosures from the privacy tab of their developer dashboard.
Google said the new policies are part of a much larger initiative to protecting users and their data and should help put users at ease when downloading new Chrome extensions. Just this year, the search giant removed more than 70 Chrome extensions that tracked user data and browsing history, so requiring developers to be more transparent about their intentions could provide users with a much safer experience.