On May 30, Google announced the next iteration of Project Strobe, a root-and-branch review of third-party developer access to user data. This announcement included the following two updates to our User Data Policy:

• We’re requiring extensions to only request access to the least amount of data. While this has previously been encouraged of developers, now we’re making this a requirement for all extensions.

• We’re requiring more extensions to post privacy policies, including extensions that handle personal communications and user-provided content. Our policies have previously required any extension that handles personal and sensitive user data to post a privacy policy and handle that data securely. Now, we’re expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data. 

The policies for these two changes are now published to the updated User Data Policy. They will go into effect on October 15, 2019.

To ensure compliance with this policy update, we suggest developers check their extensions per the guidelines below. After October 15, 2019, items that violate these updates to the User Data policy will be removed or rejected from the Web Store and will need to become compliant to be reinstated. We will continue to take action on violations of the User Data Policy in its current form.

• Inventory your extensions' current permissions and, where possible, switch to alternatives that are more narrowly scoped. Additionally, include a list of permissions used and the reasons you require them in your Chrome Web Store listing or in an "about page" in your extension. If you expand the features of your extension and require a new permission, you may only request the new permission in the updated version of the extension.

• If your extension handles Personal or Sensitive User Data, which now also includes, user-provided content and personal communications, your Product must both post a privacy policy and handle the user data securely, including transmitting it via modern cryptography. To add a privacy policy, use the developer dashboard to link to your privacy policy with your developer account. All your published extensions share the same privacy policy.

You can find more information in the updated User Data FAQ. Thank you for joining us in building a better web with transparency, choice and control for both users and developers.

People have high expectations for their shopping experience on the web — whether booking a vacation, or buying tickets to a hot concert before they’re gone. They want a fast, seamless, and safe experience that works across all their devices.

That’s why today we are making payments in Chrome more convenient: When you’re signed into Chrome on your laptop, you’ll be able to use payment methods previously saved to your Google Account to fill in checkout forms. And you can use this feature without having to turn on Chrome sync. You'll also be able to use the payment info you’ve saved in your Google Account across your devices in Chrome where you’re signed in, and wherever Google Pay is accepted.

You are always in control: When you’re signed-in and Chrome offers you the option of using a card from your Google Account, it will ask you to confirm the card’s CVC. If you choose to save a new card to your account, you will receive a confirmation email from Google Pay with additional information. You can manage and delete the cards in your account at anytime by going to your Google Account > Payments & subscriptions > Payment methods.