Chrome's New Privacy Rules: 3 Things to CHECK (2026)
Chrome Web Store privacy rules tighten on August 1, 2026. Extensions must limit data collection to their stated purpose — three checks take five minutes.
On August 1, 2026, the Chrome Web Store begins enforcing four updated policies announced in Google’s developer blog. Extensions must limit data collection to what their disclosed single purpose requires, prominently disclose everything they collect, and proactively notify users when data handling changes. Non-compliant extensions face enforcement action from the store.
That date is three weeks after this article’s publication, so the window to audit your installed extensions is now. The three checks below take about five minutes total.
What Changes on August 1, 2026
| Policy | New requirement | What it means for you |
|---|---|---|
| Limited Use | Data collection must be strictly necessary to the extension’s disclosed single purpose | A tab manager can no longer justify reading your browsing history |
| Disclosure Requirements | All collection needs prominent disclosure; changes to data handling require proactive notice | You must be told before an extension starts collecting something new |
| Malicious Products | Tools that circumvent AI service safety guardrails are banned | ”Jailbreak” extensions for ChatGPT, Gemini, and similar services disappear |
| Regulated Goods | Extensions enabling real-money bets on predictive outcomes are banned | Prediction-market trading extensions disappear |
The first two rows matter most for ordinary users. Selling data to brokers and ad platforms was already prohibited; the update attacks over-collection at the source and forces disclosure when practices shift.
Check 1: Read the Privacy Practices Tab
Every Chrome Web Store listing has a Privacy practices section. The developer must declare each category of data collected (browsing history, location, user activity, personal identifiers) and certify that data is not sold to third parties or used for unrelated purposes.
Open each installed extension’s listing and compare the declared categories against what the tool does. A screenshot tool declaring “website content” is coherent. A volume booster declaring “browsing history” is the mismatch the new Limited Use rule targets.
Declarations are self-reported, so treat a clean panel as necessary rather than sufficient. The strongest claim an extension can make is collecting nothing at all, because it is independently verifiable: open DevTools on the extension’s service worker and watch the Network tab. SuperchargePerformance (v1.4.5, as of July 2026) makes zero outbound requests and stores everything locally, which is why the new rules require nothing from it.
Check 2: Match Permissions Against the Stated Purpose
Go to chrome://extensions, click Details on each extension, and read the permissions and site access lists. Access to all sites combined with a narrow stated purpose is exactly the pattern the single-purpose rule now gives Google grounds to act on.
Two questions resolve most cases. Does the permission serve the feature you installed it for? And could the extension work with “on click” site access instead of “on all sites”? Chrome lets you downgrade site access yourself from the same Details page, without waiting for the developer.
Check 3: Watch for Data-Practice Change Notices
The proactive-disclosure requirement is the quiet win in this update. Extensions change hands: a legitimate tool gets sold, and the new owner monetizes the installed base’s data access. From August 1, a change in data handling without user notice is itself a policy violation.
So treat any notice about updated data practices as a re-vetting moment, not boilerplate to dismiss. Re-run checks 1 and 2 on that extension. If the declared collection grew and the feature set did not, remove it.
What Happens to Extensions That Ignore the Rules
Google’s announcement states non-compliant extensions “may face enforcement action” without enumerating consequences. In practice the store’s levers are update rejection and listing takedown. A removed extension stays installed but stops receiving updates, and Chrome may disable it if the removal was for policy abuse.
Where that leaves you:
- If an extension you rely on vanishes from the store after August 1, check its listing before assuming a glitch. A takedown is information about the developer.
- If an extension’s privacy panel declares collection that its purpose cannot explain, replace it before enforcement decides for you.
- If you want the audit to stay short next time, prefer extensions whose collection declaration is empty. Zero collected means zero to re-check.
Frequently Asked Questions
When do the new Chrome Web Store privacy rules take effect?
What do the new Chrome Web Store rules actually require?
Will non-compliant extensions be removed from Chrome?
How do I check what data a Chrome extension collects?
Do the new rules stop extensions from selling my browsing data?
Don't miss the next release
Be first to know when we ship something new.
Related Articles
Chrome Privacy Extensions Ranked by Data Collection (2026)
Most "privacy" extensions collect more than they block. We ranked popular extensions by actual telemetry — from zero collection to selling browsing history.
Which Chrome Ad Blocker Blocks YouTube? 5 TESTED (2026)
Most Chrome ad blockers miss YouTube and Twitch video ads — including uBlock Origin. We tested 5 on 14 features. One blocks video ads, popups, and cookies.
Chrome Manifest V2 End of Life: What Dies in August 2026
Manifest V2 end of life completes summer 2026: Chrome 151 deletes the last MV2 flags on July 28, the Web Store purge lands August 31. What still blocks ads.
Is That Chrome Extension Safe? 7 Checks Before Install (2026)
The Featured badge didn't stop a Chrome extension stealing 900K ChatGPT chats. A 7-point audit of permissions, source, and ownership to vet any extension.