
Ensuring Transparency and Choice in the Chrome Web Store - twapi
http://blog.chromium.org/2016/04/ensuring-transparency-and-choice-in.html
======
spdustin
Before I click it, the cynic in me feels like this link goes to some bad news.
I feel so jaded. Burned. Am I alone?

Going to click thru now.

Edit below:

That didn't take long. From the site (which didn't load with my content
blocker "Focus" active, by the way, so I almost missed it):

 _If your Product handles personal or sensitive user data that is not closely
related to functionality described prominently in the Product’s Chrome Web
Store page and user interface, then prior to the collection, it must:_

It goes on to say that it must, basically, get informed consent at that moment
in time, rather than passively listing it in a privacy policy somewhere.

The way it should read, IMHO:

 _If your Product handles personal or sensitive user data, then prior to the
collection, it must:_

And then enforce this via the API itself. If we've learned anything, it's that
random browser extension authors are not likely to care, or will creatively
interpret this language to suggest their collection of PII is related to
something "described prominently" as required, but only with specific semantic
interpretations of "described".

Why are these sorts of decisions left to the ISVs when the platform itself
could do a much better job of ensuring compliance. Further, changes to
compliance requirements could be implemented in the platform rather than in a
document that is toothless for three months, all the while extensions leak PII
everywhere (yeah I know what that looked like).

