chromeextensions100656422orig
Security

Chrome extensions will soon have to tell you what data they collect

Google is about to make it harder for Chrome extensions to collect your browsing data without letting you know about it, according to a new policy announced Friday.

Starting in mid-July, developers releasing Chrome extensions will have to comply with a new User Data Policy that governs how they collect, transmit and store private information. Extensions will have to encrypt personal and sensitive information, and developers will have to disclose their privacy policies to users.

Developers will also have to post a "prominent disclosure" when collecting sensitive data that isn't related to a prominent feature. That's important, because extensions have tremendous power to track users' browsing habits and then use that for nefarious purposes.

With this change, an extension that's marketed as a way to add themes to social media sites but also scrapes the number of friends a user has on that site for sale or research purposes will have to prominently tell users about it.

By requiring developers to be up front about what they might be collecting behind the scenes, Google can help make sure that its users are protected from shady extensions, and make sure that people know how their information is being used.

However, users shouldn't expect prominent disclosures for every piece of information collected. For example, Google allows developers to collect anonymized data about how people use their extensions without a prominent disclosure (though it should be represented in their privacy policies).

Google has given developers until July 14 to update their extensions to comply with the new policy. After that, extensions that don't follow Google's new guidelines will be removed from the Chrome Web Store.

IDG Insider

PREVIOUS ARTICLE

« Japan earthquakes disrupt electronics supply chain

NEXT ARTICLE

Schools put on high alert for JBoss ransomware exploit »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends

Poll

Is your organization fully GDPR compliant?