Skip to main content

Google enforcing stricter privacy rules for Chrome extensions this October

With Project Strobe, Google is conducting a “root-and-branch review” of third-party developer access to personal data. In May, the company announced that the initiative would look at Chrome Extensions, with new policies coming into effect this October.

Google today published the two new Chrome Web Store policies that developers have to abide by later this year. In the past, extensions were only encouraged to “request access to the least amount of data.” This is now a requirement for all third-party browser tools and utilities.

Meanwhile, extensions that handle personal communications and user-provided content must post privacy policies. This rule previously only applied to Chrome add-ons that handled personal and sensitive user data.

Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data.

The exact wording has just been released after the heads-up provided in May. Developers have until October 15th to follow the updated User Data Policy before Google begins enforcement.

After October 15, 2019, items that violate these updates to the User Data policy will be removed or rejected from the Web Store and will need to become compliant to be reinstated. We will continue to take action on violations of the User Data Policy in its current form.

Google also provided some guidelines for developers auditing their Chrome extensions:

  1. Inventory your extensions’ current permissions and, where possible, switch to alternatives that are more narrowly scoped. Additionally, include a list of permissions used and the reasons you require them in your Chrome Web Store listing or in an “about page” in your extension. If you expand the features of your extension and require a new permission, you may only request the new permission in the updated version of the extension.
  2. If your extension handles Personal or Sensitive User Data, which now also includes, user-provided content and personal communications, your Product must both post a privacy policy and handle the user data securely, including transmitting it via modern cryptography. To add a privacy policy, use the developer dashboard to link to your privacy policy with your developer account. All your published extensions share the same privacy policy.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications