Each Chrome extension has to reveal which data it collects and how it processes it from 2021 onward
Starting January 2021, all Chrome extension developers will have to reveal which data it collects and how that data is processed on the extension's Chrome Web Store page. Failure to do so by March 2021 will lead to the eventual termination of the extension and the disabling of it on user devices.
Google is informing Chrome developers currently about the change via email and a blog post on the Chromium blog.
Chrome users who browse the official extensions store find a new Privacy Practices tab when they open individual extensions. The tab lists the data that the extension collects.
Starting January 2021, each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language.
The privacy practices page lists the data that the extension collects, and users may select any item to get a short explanation that provides additional details.
Developers need to certify privacy polices in regards to the selling or transferring of data to third-parties.
Google introduces a new data privacy policy next to that limits how extension developers may use collected data:
- It prohibits the use or transfer of user data for personalized advertising.
- It prohibits the use or transfer of user data for creditworthiness checks, lending qualification, and to data brokers or information resellers.
- Highlights that the sale of user data is never allowed.
- Ensure that the use or transfer of data is "for the primary benefit of the user and in accordance with the stated purpose of the extension".
Developers need to provide privacy disclosures when they release or update extensions. The privacy tab of the developer dashboard provides the means to do that. There developers need to check the data that the extension collects at the moment or in the future, and the privacy certification.
The new options are being made available on November 18, 2020 to all developers, and will be displayed on the Chrome Web Store from January 18, 2021 onward.
The Chrome Web Store will show a notification if a developer has not provided a privacy disclosure. Google will reach out to developers who have not provided disclosures starting in March 2021 to give them time to complete the requirement. Developers have 30 days to comply; failure to do so will see the extensions disabled on the Chrome Web Store and deactivated for users who run the extensions in their browsers.
Closing Words
The process is mandatory but it is the developer who fills out the privacy information on the dashboard. Google does not provide the resources to verify that what is filled out by the developer matches what the extension collects actually; while there may be manual checks if extensions are reported to Google or detected, it is a system that is largely based on trust and not verification.
The information is useful nevertheless, as users get a quick rundown on the data that a particular extension collects, provided that the developer has checked the different items truthfully in the dashboard.
The new requirement will certainly lead to some extensions being taken offline; developers who have abandoned their extensions may not come back just to fill out the required data usage fields in the developer dashboard. These extensions will be taken offline then and disabled for users who still use them.
Now You: What is your take on the change? How much of an impact will it make?
Have you guys notices that recently Chrome WebStore is full of spam extensions? There is at least one irrelevant result in WebStore’s top-three search results!
Examples:
Search for “google”
https://chrome.google.com/webstore/search/google?hl=am&_category=extensions
Results:
1. Save to Google Drive -> Legit
2. Google Calendar -> Legit
3. Adblock for Youtubeâ„¢ -> Spam
Search for “facebook”
https://chrome.google.com/webstore/search/facebook?hl=am&_category=extensions
Results
1. Video Downloader Professional -> Spam
2. Photo Zoom for Facebook -> Legit
3. Night Shift Redux -> Spam
Search for “popup”
https://chrome.google.com/webstore/search/popup?hl=am&_category=extensions
Results:
1. Free AdBlocker – block ads, browse safe -> Spam
2. Pop up blocker for Chromeâ„¢ – Poper Blocker -> Legit
3. Sigma Adblock -> Spam
Most of these spam/irrelevant extensions have a package size of about 2 megabytes! There is something funky going on.
Most of these spam/irrelevant extensions have a package size of about 2 megabytes! There is something funky going on.
Comedy Gold.
Google, stifling the competition again. Their four points are exactly the core of Google’s business. Doesn’t really matter though; I doubt Google knows much about what goes on behind the scenes, they’re far too big.
I guess this reads like a good idea but how many extensions are there, who’s going to review the submissions and who’s going to verify the claims are true?
From when I used Chromium and spent time looking for extensions, most were phone culture fluff; incomplete or insanely excessive in what they claimed to do. Very hard to find simple utilities not masquerading as data collectors.
Nutty to trust that developers of shady apps are going to honestly address those four points if they don’t care to. So they get caught and thrown out, big deal. Come back in a week with a new identity and new promises.
This seems like another paper tiger show of integrity by Google. Social media has rationalized altered realities worldwide; make up stuff, then sign off and reinvent yourself. Repeat daily.
This should be more grist for the antitrust mill. As just one of the hopefully many remedies they apply to Google, The government can certainly hold Google up to the same standard it is holding the extension developers.
A nice example of the ‘Do as I say, not as I do’ business model.
A business model that seems to be worth mega-billions in yearly revenue.
Much like the ‘government’, the Big-G hates competition.
Let’s demand that Google reveal what they collect … all of it.
I’m shocked, everyone should report to Google. Does Google report to anyone? thank God I moved to the utopia ecosystem, where my correspondence is not stored on Google servers, or on any other servers at all
“It prohibits the use or transfer of user data for personalized advertising.”, because that and mass surveillance is a Google Business!
Google should be eradicated from the web.
Google is a bunch of hypocrites. How about all Google operating systems, applications, web-apps, websites, phones, and other hardware reveal exactly what data they collect and exactly how Google processes all that data.
And how about presenting all that information is an easily readable format BEFORE Google has already collected any data?
There is no hypocrisy. Google is essentially saying only we can collect user data, don’t you dare get into our turf!
Now imagine if they would do the same for apps on Google Play. BOOOM! 99%: of all apps gone.
I think this will follow as well.
They will do it similar to Apple. First, they will offer a native tracking solution and then create rules that essentially disallow any other solution. But Google is currently waiting for the the tracking market to dry up during the nexdt years. In the future, only big tech will be able to monitor us.
@Anonymous
WOW!
What about Chrome itself? Hahahahaha.
Diversionary tactic. Point at others often enough and say “we are protecting you” loud enough, maybe they’ll have faith we do the right thing.
@ShintoPlasm
To be fair, they have a privacy policy. By downloading and installing Chrome, you’ve accepted it, no matter whether you’ve actually read it or not.
You left off, ‘whether you understood it or not’. Most privacy agreements are nothing other than weasel words.
Of course. Their policy is more or less “You – All – Data – Ours – Now – Forever”.