With Project Strobe, Google is conducting a “root-and-branch review” of third-party developer access to personal data. In May, the company announced that the initiative would look at Chrome Extensions, with new policies coming into effect this October.
Google today published the two new Chrome Web Store policies that developers have to abide by later this year. In the past, extensions were only encouraged to “request access to the least amount of data.” This is now a requirement for all third-party browser tools and utilities.
Meanwhile, extensions that handle personal communications and user-provided content must post privacy policies. This rule previously only applied to Chrome add-ons that handled personal and sensitive user data.
Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data.
The exact wording has just been released after the heads-up provided in May. Developers have until October 15th to follow the updated User Data Policy before Google begins enforcement.
After October 15, 2019, items that violate these updates to the User Data policy will be removed or rejected from the Web Store and will need to become compliant to be reinstated. We will continue to take action on violations of the User Data Policy in its current form.
Google also provided some guidelines for developers auditing their Chrome extensions:
- Inventory your extensions’ current permissions and, where possible, switch to alternatives that are more narrowly scoped. Additionally, include a list of permissions used and the reasons you require them in your Chrome Web Store listing or in an “about page” in your extension. If you expand the features of your extension and require a new permission, you may only request the new permission in the updated version of the extension.