Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Google Asks Chrome Extensions to Post Privacy Policies

Google this week announced an update to its Chrome store policies that requires all extensions to be explicit about the collection and use of user data.

The changes, which will be enforced in January 2021, follow previous policies that require extensions to only request those permissions they need to implement their features.

Google this week announced an update to its Chrome store policies that requires all extensions to be explicit about the collection and use of user data.

The changes, which will be enforced in January 2021, follow previous policies that require extensions to only request those permissions they need to implement their features.

Now, Google is limiting what developers are allowed to do with the user data they collect, and the new policy requires developers to be clear about their extension’s privacy practices, directly on the Chrome Web Store listing.

“Starting January 2021, each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language. Data disclosure collection is available to developers today,” Google says.

To limit the manner in which extension developers use collected data, Google now requires that the use of or transfer of user data is “for the primary benefit of the user and in accordance with the stated purpose of the extension.”

Furthermore, Google does not allow extension developers to sell user data, and prohibits the use/transfer of that data for personalized advertising, or for creditworthiness or any form of lending qualification.

“The item listing page will also display whether the developer has certified that their extension complies with this new policy,” the company explains.

The new policy requires developers looking to publish or update an extension to provide information on data usage from the privacy tab of the developer dashboard, including details on what data is being collected and certification of compliance with the new Limited Use policy.

“The disclosure form is grouped by category to make it simpler for developers, and maps exactly to the disclosures that will be displayed to Chrome users. Most of this information will be consistent with existing privacy policies that developers have provided to the Chrome Web Store,” the Internet giant says.

Google has already released the data disclosures collection to developers and will display them on the Chrome Web Store listing starting January 18, 2021. To inform users, starting that day, a notice will be shown on the store listings of developers who haven’t provided privacy disclosures.

Related: Chrome 86 Starts Blocking Abusive Notification Permission Requests

Related: Google Axes 500 Chrome Extensions Exfiltrating User Data

Related: Chrome Extensions Policy Hits Deceptive Installation Tactics

Related: Google Tightens Rules for Chrome Extensions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...