Each Chrome extension has to reveal which data it collects and how it processes it from 2021 onward

Martin Brinkmann
Nov 19, 2020
Google Chrome
|
18

Starting January 2021, all Chrome extension developers will have to reveal which data it collects and how that data is processed on the extension's Chrome Web Store page. Failure to do so by March 2021 will lead to the eventual termination of the extension and the disabling of it on user devices.

Google is informing Chrome developers currently about the change via email and a blog post on the Chromium blog.

google chrome web store privacy practices

Chrome users who browse the official extensions store find a new Privacy Practices tab when they open individual extensions. The tab lists the data that the extension collects.

Starting January 2021, each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language.

The privacy practices page lists the data that the extension collects, and users may select any item to get a short explanation that provides additional details.

Developers need to certify privacy polices in regards to the selling or transferring of data to third-parties.

Google introduces a new data privacy policy next to that limits how extension developers may use collected data:

  1. It prohibits the use or transfer of user data for personalized advertising.
  2. It prohibits the use or transfer of user data for creditworthiness checks, lending qualification, and to data brokers or information resellers.
  3. Highlights that the sale of user data is never allowed.
  4. Ensure that the use or transfer of data is "for the primary benefit of the user and in accordance with the stated purpose of the extension".

Developers need to provide privacy disclosures when they release or update extensions. The privacy tab of the developer dashboard provides the means to do that. There developers need to check the data that the extension collects at the moment or in the future, and the privacy certification.

The new options are being made available on November 18, 2020 to all developers, and will be displayed on the Chrome Web Store from January 18, 2021 onward.

The Chrome Web Store will show a notification if a developer has not provided a privacy disclosure. Google will reach out to developers who have not provided disclosures starting in March 2021 to give them time to complete the requirement. Developers have 30 days to comply; failure to do so will see the extensions disabled on the Chrome Web Store and deactivated for users who run the extensions in their browsers.

Closing Words

The process is mandatory but it is the developer who fills out the privacy information on the dashboard. Google does not provide the resources to verify that what is filled out by the developer matches what the extension collects actually; while there may be manual checks if extensions are reported to Google or detected, it is a system that is largely based on trust and not verification.

The information is useful nevertheless, as users get a quick rundown on the data that a particular extension collects, provided that the developer has checked the different items truthfully in the dashboard.

The new requirement will certainly lead to some extensions being taken offline; developers who have abandoned their extensions may not come back just to fill out the required data usage fields in the developer dashboard. These extensions will be taken offline then and disabled for users who still use them.

Now You: What is your take on the change? How much of an impact will it make?

Summary
Each Chrome extension has to reveal which data it collects and how it processes it from 2021 onward
Article Name
Each Chrome extension has to reveal which data it collects and how it processes it from 2021 onward
Description
Starting January 2021, all Chrome extension developers will have to reveal which data it collects and how that data is processed on the extension's Chrome Web Store page.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Jimmy said on December 13, 2020 at 3:06 pm
    Reply

    Have you guys notices that recently Chrome WebStore is full of spam extensions? There is at least one irrelevant result in WebStore’s top-three search results!

    Examples:
    Search for “google”
    https://chrome.google.com/webstore/search/google?hl=am&_category=extensions
    Results:
    1. Save to Google Drive -> Legit
    2. Google Calendar -> Legit
    3. Adblock for Youtubeâ„¢ -> Spam

    Search for “facebook”
    https://chrome.google.com/webstore/search/facebook?hl=am&_category=extensions
    Results
    1. Video Downloader Professional -> Spam
    2. Photo Zoom for Facebook -> Legit
    3. Night Shift Redux -> Spam

    Search for “popup”
    https://chrome.google.com/webstore/search/popup?hl=am&_category=extensions
    Results:
    1. Free AdBlocker – block ads, browse safe -> Spam
    2. Pop up blocker for Chromeâ„¢ – Poper Blocker -> Legit
    3. Sigma Adblock -> Spam
    Most of these spam/irrelevant extensions have a package size of about 2 megabytes! There is something funky going on.

    Most of these spam/irrelevant extensions have a package size of about 2 megabytes! There is something funky going on.

  2. Splinter said on November 20, 2020 at 4:44 am
    Reply

    Comedy Gold.

  3. ULBoom said on November 20, 2020 at 1:21 am
    Reply

    Google, stifling the competition again. Their four points are exactly the core of Google’s business. Doesn’t really matter though; I doubt Google knows much about what goes on behind the scenes, they’re far too big.

    I guess this reads like a good idea but how many extensions are there, who’s going to review the submissions and who’s going to verify the claims are true?

    From when I used Chromium and spent time looking for extensions, most were phone culture fluff; incomplete or insanely excessive in what they claimed to do. Very hard to find simple utilities not masquerading as data collectors.

    Nutty to trust that developers of shady apps are going to honestly address those four points if they don’t care to. So they get caught and thrown out, big deal. Come back in a week with a new identity and new promises.

    This seems like another paper tiger show of integrity by Google. Social media has rationalized altered realities worldwide; make up stuff, then sign off and reinvent yourself. Repeat daily.

  4. Herman Cost said on November 19, 2020 at 5:22 pm
    Reply

    This should be more grist for the antitrust mill. As just one of the hopefully many remedies they apply to Google, The government can certainly hold Google up to the same standard it is holding the extension developers.

  5. Mindless Robot said on November 19, 2020 at 5:11 pm
    Reply

    A nice example of the ‘Do as I say, not as I do’ business model.
    A business model that seems to be worth mega-billions in yearly revenue.
    Much like the ‘government’, the Big-G hates competition.

  6. pHROZEN gHOST said on November 19, 2020 at 4:14 pm
    Reply

    Let’s demand that Google reveal what they collect … all of it.

  7. Tom Rupert said on November 19, 2020 at 2:18 pm
    Reply

    I’m shocked, everyone should report to Google. Does Google report to anyone? thank God I moved to the utopia ecosystem, where my correspondence is not stored on Google servers, or on any other servers at all

  8. SpywareFan said on November 19, 2020 at 11:45 am
    Reply

    “It prohibits the use or transfer of user data for personalized advertising.”, because that and mass surveillance is a Google Business!
    Google should be eradicated from the web.

  9. Darth Google said on November 19, 2020 at 11:00 am
    Reply

    Google is a bunch of hypocrites. How about all Google operating systems, applications, web-apps, websites, phones, and other hardware reveal exactly what data they collect and exactly how Google processes all that data.

    And how about presenting all that information is an easily readable format BEFORE Google has already collected any data?

    1. some1 said on November 19, 2020 at 10:39 pm
      Reply

      There is no hypocrisy. Google is essentially saying only we can collect user data, don’t you dare get into our turf!

  10. Foogle said on November 19, 2020 at 10:35 am
    Reply

    Now imagine if they would do the same for apps on Google Play. BOOOM! 99%: of all apps gone.

    1. Anonymous said on November 19, 2020 at 11:04 am
      Reply

      I think this will follow as well.

      They will do it similar to Apple. First, they will offer a native tracking solution and then create rules that essentially disallow any other solution. But Google is currently waiting for the the tracking market to dry up during the nexdt years. In the future, only big tech will be able to monitor us.

      1. White said on November 19, 2020 at 1:20 pm
        Reply

        @Anonymous

        WOW!

  11. ShintoPlasm said on November 19, 2020 at 9:43 am
    Reply

    What about Chrome itself? Hahahahaha.

    1. Anonymous said on November 19, 2020 at 11:03 pm
      Reply

      Diversionary tactic. Point at others often enough and say “we are protecting you” loud enough, maybe they’ll have faith we do the right thing.

    2. Iron Heart said on November 19, 2020 at 10:32 am
      Reply

      @ShintoPlasm

      To be fair, they have a privacy policy. By downloading and installing Chrome, you’ve accepted it, no matter whether you’ve actually read it or not.

      1. Anonymous said on November 19, 2020 at 11:28 pm
        Reply

        You left off, ‘whether you understood it or not’. Most privacy agreements are nothing other than weasel words.

      2. ShintoPlasm said on November 19, 2020 at 3:13 pm
        Reply

        Of course. Their policy is more or less “You – All – Data – Ours – Now – Forever”.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.