Hi team,
Our extension collects tech & user interaction data. When building our data consent flow, we followed the official doc to allow users to opt-out. Our question is: what if the user skips the data collection consent, for example, ignoring or closing the consent prompt? Since it won’t impact the extension to work, can we assume in that case, users choose the default option so we can start collecting data? Or do we have to force them to decide before being able to use our extension?
Given the nature of these requirements is so users are made aware of the data collection and are presented with a choice to opt in or out (or refuse to use the service if they do not consent), the default rationale is to assume that if they did not gave explicit consent, then they did not consent to it.
Otherwise this would be massively exploited by many under the guise of “they somehow skipped it so it is not our problem”.
See also:
It seems like, everything that’s not required for addon to function should be disabled by default with an option to opt-in.
Thanks for all the reply. Another question I have is: We store some user data in their browser local storage. We need those data for extension to work, but don’t collect them for our own usage. Is this considered as data collection of PII and hence require user consent as well?
If the data doesn’t leave users PC, then it should be fine. Especially if it’s needed for it’s function.
I agree with @juraj.masiar the issue is when the data leaves the user PC, or is used in any way by a third party even if simply derived data. An example of derived data would be collecting statistics on how many features the users have enabled without specifically collecting which features are enabled.