Google updated its Chrome Web Store developer policies on July 1, with enforcement starting August 1. Extensions may now only collect data strictly necessary for their stated purpose, every collection must be disclosed upfront, and a new clause explicitly bans extensions that let users place real-money bets on prediction markets inside the browser.

  • The core rule: an extension can collect only the data its stated purpose actually needs, and must disclose it upfront.
  • It closes the loophole where a coupon finder or screenshot tool could quietly request your entire browsing history.
  • A separate clause bans in-browser prediction-market betting extensions outright.
  • Enforcement begins August 1, 2026, giving developers a short window to comply or be delisted.
Data minimization for extensions Before, a simple tool could request broad permissions like full browsing history; the new rule limits data collection to what the stated purpose needs. Before - over-collection allowed Coupon finder Browsing historyAll site dataForm contents After - minimized to purpose Coupon finder Checkout-page data only + prediction-marketbetting extensionsbanned outright genztech.blog
Fig 1 The policy forces data minimization: an extension can only take what its declared job requires, ending the era of trivial tools quietly harvesting full browsing history.

What actually changed?

Google rewrote the Chrome Web Store’s data policy around a single principle: data minimization. Under the old rules, an extension could request broad permissions loosely tied to its function, so a coupon finder, a screenshot tool or a simple utility could ask for access to your entire browsing history and users would click through the prompt. The new policy says collection must be limited to what the stated purpose genuinely needs, and any collection has to be disclosed clearly and upfront. In the same update, Google added an explicit prohibition on extensions that let users place real-money bets on prediction-market outcomes directly in the browser. Enforcement starts August 1, 2026, which gives developers a narrow window to rewrite their permission requests, update their disclosures, or risk removal from the store entirely. The change applies to new submissions and to existing extensions alike, so even long-established add-ons with millions of installs have to prove their data collection is scoped to their stated purpose.

RelatedCloudflare brings SQL queries to R2 object storage

Why crack down now?

Because extensions are the soft underbelly of browser privacy. Users install them casually and grant sweeping permissions without reading them, and a popular extension with history access is a surveillance asset, whether it is abused by the developer or by whoever later buys the codebase. Extension marketplaces have a long history of legitimate tools being sold and quietly repurposed into data harvesters. Tying permissions to declared purpose limits the blast radius of that model. The prediction-market clause is a narrower call: it keeps a fast-growing, legally gray category of real-money betting out of the default browser channel before it becomes a headache.

Who does this hurt and help?

It helps users, straightforwardly, by shrinking what a casual install can expose. It hurts a specific class of developer: anyone whose business model depended on collecting more than their feature needed and monetizing the surplus. Legitimate extensions that already practice minimization barely notice. The August 1 enforcement date is the pressure point; extensions that do not comply face removal, and for a widely used add-on that is an existential deadline.

What to watch · 2026
  • Delistings. The real test is whether Google actually removes popular non-compliant extensions or grants quiet extensions.
  • The browser shift. Chrome’s desktop share has been sliding toward Firefox, Brave and Edge; privacy moves are partly a defense of that.
  • Copycat policies. Watch whether other browser stores adopt the same purpose-limitation language.

How did extensions become a privacy problem?

To understand why this policy exists, look at how the extension economy actually works. Many popular add-ons start as genuinely useful, single-purpose tools built by small developers, and they ask for broad permissions because the platform historically made that easy and users historically clicked through. Once an extension has a large install base and access to browsing data, that access becomes an asset. Developers get acquisition offers, and the buyer is not always interested in the original feature; sometimes the value is precisely the data pipe into millions of browsers. The extension keeps working, the icon stays the same, and quietly the data flowing out of it changes hands or purpose. Users have no way to notice. This is the exact pattern data-minimization rules are designed to break: if an extension can only ever collect what its stated function needs, then the surplus that makes it attractive to harvest simply is not there to sell. It does not stop a malicious developer from lying, but it removes the legitimate cover, narrows what a compliant extension can hoard, and gives Google a clear policy basis to delist the ones that overreach. The prediction-market clause is a smaller, more targeted intervention aimed at keeping a legally messy category out of the default channel.

RelatedEU Finds Instagram, Facebook Addictive Design Breaks DSA

Our take

Purpose-limited data collection is the right default, and it is striking it took this long. The interesting subtext is competitive: Chrome has been losing desktop share to browsers that market themselves on privacy, and cleaning up the extension store is one way to blunt that pitch. The policy will only mean something if enforcement has teeth on the largest, most-installed extensions rather than just the long tail. August 1 is when we find out whether this is a real cleanup or a press release with a grace period.

Primary sources

Original analysis by GenZTech. Figures current as of July 2026. Source: DigitBin.