Google Boosts Privacy for Chrome Extension Users

Google Boosts Privacy for Chrome Extension Users

Google has updated the User Data Policy for its popular Chrome Web Store in a bid to improve user privacy and transparency over when data is collected by third party extensions and apps.

Teresita Perez and Athas Nikolakakos from the Chrome Policy Team explained in a blog post that transparency and choice have been core principals of the browser since its inception.

“Since early on, Chrome has included privacy-protecting features to give users control over their browsing experience, including incognito mode and granular privacy preferences,” they added. “Now, we’re consolidating and expanding our policies about user data to ensure our Chrome Web Store developers follow similar principles.”

The new requirements for developers will include greater transparency about the handling of user data and the disclosure of privacy practices.

They will also be required to post a privacy policy, and use encryption, if handling personal or sensitive information.

Under the new rules, users must also be asked to: “consent to the collection of personal or sensitive data via a prominent disclosure, when the use of the data isn’t related to a prominent feature.”

“We’ll notify developers when we discover items that violate the User Data Policy, and they’ll have until July 14, 2016 to make any changes needed for compliance. Starting July 15th, 2016, items that violate the policy will be removed from the Web Store and will need to become compliant to be reinstated,” they concluded.

“Protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled.”

The policy update comes as Chrome is frequently targeted by cyber-criminals, who particularly favor uploading malicious extensions, as a way to spread malware far and wide for a relatively low TCO.

This is despite Google’s move two years ago to stop users from installing any extensions not hosted on the official Chrome Web Store.

Source: Information Security Magazine