User Data FAQ
1. How do I determine if my Product is compliant with the User Data Policy or if I need to make any changes?
Read these frequently asked questions in order (from top to bottom) and they will lead you through a series of steps to help determine whether any changes are needed. The first question is: Does your Product handle personal or sensitive user data?
2. What does “handle” mean in the User Data Policy? What are some common ways a Product handles sensitive or personal user data?
Generally, by “handle” we mean collecting, transmitting, using, or sharing user data. Here are some examples of functionality that handles sensitive or personal user data:
- Having login functionality (even if you use a third-party system, like Google authentication)
- Having a form that collects any type of personally identifiable information (see the answer to question #3 for more information)
- Clipping or scraping content from a website that the user visits, such as taking screenshots or capturing data from a web page
- Collecting data obtained from web requests, such as a background activity that accesses contacts, emails, files, or other data from a user’s cloud service
- Collecting web browsing activity and any information about the website content or resources a user requests or interacts with, including the domains or URLs the browser interacts with, the content of the HTTP requests and responses, and data in a website’s browser storage (like cookies)
3. What are examples of sensitive or personal user data?
Sensitive or personal user data may include:
- Personally identifiable information (including a person’s name, address, telephone number, email address, and username. It also includes any type of identification number, such as a government issued number, driver’s license number, or account number),
- Financial and payment information,
- Health information,
- Authentication information (such as logins, passwords, and authentication cookies),
- Website content and resources,
- Form data, and
- Web browsing activity (which is any information about the websites or other web resources a user requests or interacts with, including the domains or URLs the browser interacts with).
4. My Product DOES NOT handle sensitive or personal data. What do I need to do?
Because your Product doesn’t handle personal or sensitive user data, you do not need to review the remaining questions in this FAQ.
5. My Product DOES handle sensitive or personal data. What do I need to do?
Products that handle personal or sensitive user data must, at a minimum:
- Handle the user data securely, including transmitting it via modern cryptography.
Read the policy and the answers to the other FAQs because certain uses of personal or sensitive user data are subject to additional requirements or are prohibited.
7. Does all user data need to be encrypted?
While we strongly recommend that you encrypt all transmissions facilitated by your Product (see our Google I/O 2014 talk on HTTPS Everywhere), this policy establishes a minimum requirement of encrypting transmissions of all personal or sensitive user data.
8. What type of encryption does the User Data Policy require?
Your Product may use any type of modern cryptography, such as free and commercially available TLS implementations and ciphers, but you should not use any cipher suite that is blacklisted by the IETF. Our requirements may change over time.
9. Does my Product’s handling of personal or sensitive user data require a prominent disclosure and affirmative consent?
These requirements only apply when both:
- The Product handles personal or sensitive user data AND
- The handling of that personal or sensitive user data is not closely related to functionality described prominently in the Product’s Chrome Web Store page and user interface.
Here are a few examples:
|Description|Prominent Disclosure Required?|(a) Sensitive Data?|(b) Relation to Described Functionality?|
|---|---|---|---|
|An extension whose sole marketed purpose is to sync a user’s browser history to a central service.|Prominent Disclosure not Required|Sensitive (web browsing activity)|Related (the marketed purpose was to sync the history)|
|An extension, app, or hosted app collects and transmits anonymous usage information about how frequently users click on or see various user interface elements of the Product.|Prominent Disclosure not Required|Not Sensitive (this type of anonymous usage data is not personal or sensitive)|Unrelated (usage collection statistics aren’t usually disclosed so prominently and aren’t closely related to user functionality)|
|An extension whose sole marketed purpose is to add themes to popular social media sites, but also anonymously scrapes the number of friends a user has, for sale or research purposes.|Prominent Disclosure Required|Sensitive (website content or resources)|Unrelated (not closely related to a described functionality)|
|An extension, app, or hosted app that handles an email address for login purposes and also provides that email address to others for the others' marketing purposes.|Prominent Disclosure Required|Sensitive (personally identifiable information)|Unrelated (while the use for authentication is closely related to the user functionality, the transfer to others for marketing purposes is not)|
10. How do I satisfy the prominent disclosure requirement?
To obtain consent, the Product must ask the user to agree to the prominent disclosure in a manner that requires them to take a specific action clearly agreeing to the disclosure before collecting or using the personal or sensitive user data.
The prominent disclosure and consent must occur within the Product’s user interface. Disclosures in the Chrome Web Store description or inline installation page do not satisfy this requirement.
11. Can my Product publicly disclose authentication, payment or financial information?
No. The Other Requirements section prohibits publicly disclosing authentication, payment, or financial information; therefore this product would be in violation of our policies.
12. Can my extension collect web browsing activity not necessary for a user-facing feature, such as collecting behavioral ad-targeting data or other monetization purposes?
No. The Other Requirements section states that an extension can only collect and transmit web browsing activity to the extent required for a user-facing feature that is prominently described in the Chrome Web Store page and user interface. Ad targeting or other monetization of this data isn’t for a user-facing feature. And, even if a user-facing feature required collection of this data, its use for ad targeting or any other monetization of the data wouldn’t be permitted because the Product is only permitted to use the data for the user-facing feature.
13. What are examples of “user-facing features” for the purposes of the restriction on collecting and using web browsing activity in the Other Requirements section?
A “user-facing feature” means functionality provided by the extension via a user interface element (including interactive buttons, text, forms, and images). Compliance with the policy requires that the extension have some type of user interface element and that the element provide some type of functionality needing the web browsing data.
Examples of user-facing features include:
- A browser action button whose popup shows the WHOIS information for the current domain
- A dialog box added to websites by content script that allows users to view others’ and add their own annotations to any web page
- A new tab page that includes a list of recently browsed websites
Examples of features that aren't user-facing include:
- A dialog box disclosing the collection of web browsing history
- An extension that has no interactive UI elements exposed to the user, but collects web browsing activity in the background for another purpose, including providing rewards to the user
15. How does the User Data Policy apply to client applications, such as FTP or IRC clients?
When the Product is a client for an internet protocol with user-specified servers, like an FTP or IRC client, the Personal or Sensitive User Data section does not apply to the Product’s collection of data for, or transmission of data with, the user-specified server.
The User Data Policy still applies, however, to user data handled for other purposes. For example, if the Product required users to enter an email address for registration, then the Product would need to comply with the Personal or Sensitive User Data section of the policy.
16. Does data transmitted between a Chrome app or extension and native programs on the same computer need to be encrypted?