Google Tightens Chrome Extension Privacy Rules

Google is making Chrome extension publishers give users more details about the data they collect. They will also have to promise to follow a new policy limiting the way they use the data.

Extensions are third-party tools (called plug-ins or add-ons with some browsers) that interact with a web browser to provide a useful function. Examples include password managers that automatically fill in log-in details on a site, and an official Amazon plug-in that can send a copy of a long web page article direct to a Kindle e-Reader.

One of the main concerns about extensions is that they inherently need to access some personal data, such as what pages somebody visits or what information they type in to a website. That's previously led to Google introducing rules that mean extension publishers can only ask for permission to carry out necessary functions. They must also link to privacy policies covering how they use data.

Data Selling Banned

The new rules mean extension publishers will also have to give users a list of what types of personal data they collect, based around nine categories:

• Personally identifiable information
• Health information
• Financial and payment information
• Authentication information
• Personal communication (such as emails)
• Location
• Web history
• User activity
• Website content

Publishers will also have to tick three boxes to publicly confirm they follow new rules which ban the following:

• Sell user data to third parties
• Use or share data for a reason other than the main reason stated purpose of the extension
• Use or share data for credit checking

January Deadline

Chrome extension publishers have until January 18, 2021 to complete the declarations, which will then appear on their listing in the Chrome web store. Perhaps surprisingly, missing this deadline won't mean the extension is removed or suspended.

Instead there will simply be a notice that appears on the listing reading "The publisher has not provided any information about the collection or usage of your data" and then a link to the publisher's privacy policy. However, even if the publisher hasn't completed the declarations, they will still be legally bound by the new rules.

What's Your Opinion?

Do you use browser extensions? Do you pay much attention to the privacy policies and declarations? Should Google be tougher about blocking extensions that don't mean their rules?