Starting January 2021, all Chrome extension developers will have to reveal which data it collects and how that data is processed on the extension's Chrome Web Store page. Failure to do so by March 2021 will lead to the eventual termination of the extension and the disabling of it on user devices.
Google is informing Chrome developers currently about the change via email and a blog post on the Chromium blog.
Chrome users who browse the official extensions store find a new Privacy Practices tab when they open individual extensions. The tab lists the data that the extension collects.
Starting January 2021, each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language.
The privacy practices page lists the data that the extension collects, and users may select any item to get a short explanation that provides additional details.
Developers need to certify privacy polices in regards to the selling or transferring of data to third-parties.
Developers need to provide privacy disclosures when they release or update extensions. The privacy tab of the developer dashboard provides the means to do that. There developers need to check the data that the extension collects at the moment or in the future, and the privacy certification.
The new options are being made available on November 18, 2020 to all developers, and will be displayed on the Chrome Web Store from January 18, 2021 onward.
The Chrome Web Store will show a notification if a developer has not provided a privacy disclosure. Google will reach out to developers who have not provided disclosures starting in March 2021 to give them time to complete the requirement. Developers have 30 days to comply; failure to do so will see the extensions disabled on the Chrome Web Store and deactivated for users who run the extensions in their browsers.
The process is mandatory but it is the developer who fills out the privacy information on the dashboard. Google does not provide the resources to verify that what is filled out by the developer matches what the extension collects actually; while there may be manual checks if extensions are reported to Google or detected, it is a system that is largely based on trust and not verification.
The information is useful nevertheless, as users get a quick rundown on the data that a particular extension collects, provided that the developer has checked the different items truthfully in the dashboard.
The new requirement will certainly lead to some extensions being taken offline; developers who have abandoned their extensions may not come back just to fill out the required data usage fields in the developer dashboard. These extensions will be taken offline then and disabled for users who still use them.
Now You: What is your take on the change? How much of an impact will it make?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.