Google is about to make it harder for Chrome extensions to collect your browsing data without letting you know about it, according to a new policy announced Friday.
Starting in mid-July, developers releasing Chrome extensions will have to comply with a new User Data Policy that governs how they collect, transmit and store private information. Extensions will have to encrypt personal and sensitive information, and developers will have to disclose their privacy policies to users.
Developers will also have to post a “prominent disclosure” when collecting sensitive data that isn’t related to a prominent feature. That’s important, because extensions have tremendous power to track users’ browsing habits and then use that for nefarious purposes.
With this change, an extension that’s marketed as a way to add themes to social media sites but also scrapes the number of friends a user has on that site for sale or research purposes will have to prominently tell users about it.
By requiring developers to be up front about what they might be collecting behind the scenes, Google can help make sure that its users are protected from shady extensions, and make sure that people know how their information is being used.
However, users shouldn’t expect prominent disclosures for every piece of information collected. For example, Google allows developers to collect anonymized data about how people use their extensions without a prominent disclosure (though it should be represented in their privacy policies).
Google has given developers until July 14 to update their extensions to comply with the new policy. After that, extensions that don’t follow Google’s new guidelines will be removed from the Chrome Web Store.