Transparent privacy practices for Chrome Extensions

Protecting users and their data is a fundamental aspect of the work we do on Chrome. Last year, as part of Google’s Project Strobe, we announced an important set of policies for extensions to protect users and their data. These policies require extensions to request only the permissions needed to implement their features. Additionally, we required more extensions to post privacy policies and handle user data securely.  

Today, we are announcing changes that build upon those protections with an update to our developer policy that limits what extension developers can do with the data they collect. The new policy also requires developers to certify their data use practices, and display that information directly on the Chrome Web Store listing to help users understand an extension’s privacy practices. 

Simplifying privacy practices for our users

Starting January 2021, each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language. Data disclosure collection is available to developers today. 

Updating our user data privacy policy

We are also introducing an additional policy focused on limiting how extension developers use data they collect. More specifically:

  • Ensuring the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension.

  • Reiterating that the sale of user data is never allowed. Google does not sell user data and extension developers may not do this either.

  • Prohibiting the use or transfer of user data for personalized advertising. 

  • Prohibiting the use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers. 

The item listing page will also display whether the developer has certified that their extension complies with this new policy. 

Developer-provided privacy disclosures

To publish or update an extension, our new policy will require developers to provide data usage disclosures directly from the privacy tab of the developer dashboard. These disclosures include:

  • The nature of the data being collected from users.  

  • The developer’s certification that they comply with the new Limited Use policy. 

The disclosure form is grouped by category to make it simpler for developers, and maps exactly to the disclosures that will be displayed to Chrome users. Most of this information will be consistent with existing privacy policies that developers have provided to the Chrome Web Store. 

Data disclosures collection will be made available to developers today, and will be displayed on the Chrome Web Store listing starting January 18, 2021

For developers who have not yet provided privacy disclosures by January 18, 2021, a notice will be shown on their Chrome Web Store listings to inform users that the developer hasn’t certified that they comply with the Limited Use policy yet. 

You can find the full policy in the Developer Program Policies page as well as additional details in the User Data FAQ .

Thank you for working with us to build a better web with transparency, choice, and control for everyone.

Posted by Alexandre Blondin and Mark M. Jaycox, Chrome Product & Policy

Read More