Google is to finally tackle the pervasive use of data-harvesting by Chrome extensions.

From July, the search giant will require all add-ons on the Chrome Web Store that collect user data in the background to ask you for your explicit permission to collect your data ‘via a prominent disclosure’ during install. Developers must also add encryption and  link to a privacy policy in their web store description.

But Google is not stopping there.

Extensions which collect data about your web habits when this behaviour is not integral to the add-on’s functionality — e.g., a toolbar weather app doesn’t need to access your entire browsing history to show the temperature — are going to be removed from the Chrome Web Store. 

The strict new User Data Policy comes into effect from July. Non-compliant add-ons still in the store after this date will be removed.

Explaining the reasons behind the change in a blog post, Google says: “protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled.”

About time, Google!

We get notified of hundreds of Chrome extensions by developers looking for a plug.  The majority of these we never write about because they have excessive permissions requests that are not needed.

We rarely bother to review any extension that asks for permissions to read, collect and change data on websites you visit.  And on the rare occasion we do (for example, if the add-on is from a reputable company and not a nameless developer) we tell you about this drawback up-front. 

A lot of other Chrome blogs are happy to aimlessly advise you to install an add-on that’s addled with this data harvesting drawback. We aren’t. This new user policy makes everyone’s lives easier.

Be prepared to see a lot of popular add-ons vanish from the store and users’ toolbars over the coming months…

Extensions chrome web store security