Google this week announced an update to its Chrome store policies that requires all extensions to be explicit about the collection and use of user data.
The changes, which will be enforced in January 2021, follow previous policies that require extensions to only request those permissions they need to implement their features.
Now, Google is limiting what developers are allowed to do with the user data they collect, and the new policy requires developers to be clear about their extension’s privacy practices, directly on the Chrome Web Store listing.
“Starting January 2021, each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language. Data disclosure collection is available to developers today,” Google says.
To limit the manner in which extension developers use collected data, Google now requires that the use of or transfer of user data is “for the primary benefit of the user and in accordance with the stated purpose of the extension.”
Furthermore, Google does not allow extension developers to sell user data, and prohibits the use/transfer of that data for personalized advertising, or for creditworthiness or any form of lending qualification.
“The item listing page will also display whether the developer has certified that their extension complies with this new policy,” the company explains.
The new policy requires developers looking to publish or update an extension to provide information on data usage from the privacy tab of the developer dashboard, including details on what data is being collected and certification of compliance with the new Limited Use policy.
“The disclosure form is grouped by category to make it simpler for developers, and maps exactly to the disclosures that will be displayed to Chrome users. Most of this information will be consistent with existing privacy policies that developers have provided to the Chrome Web Store,” the Internet giant says.
Google has already released the data disclosures collection to developers and will display them on the Chrome Web Store listing starting January 18, 2021. To inform users, starting that day, a notice will be shown on the store listings of developers who haven’t provided privacy disclosures.
Related: Chrome 86 Starts Blocking Abusive Notification Permission Requests
Related: Google Axes 500 Chrome Extensions Exfiltrating User Data
Related: Chrome Extensions Policy Hits Deceptive Installation Tactics
More from Ionut Arghire
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
Latest News
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
- Backslash Snags $8M Seed Financing for AppSec Tech
