mozilla · rebloor · Mar 11, 2026 · Mar 10, 2026 · Mar 11, 2026
diff --git a/...ntent/documentation/develop/best-practices-for-collecting-user-data-consents.md b/...ntent/documentation/develop/best-practices-for-collecting-user-data-consents.md
@@ -7,8 +7,8 @@ topic: Develop
 tags:
   [add-ons, extensions, how-to, privacy, ui, user-interface, ux, webextensions]
 contributors: [rebloor, hamatti, mkaply, abhn, dotproto]
-last_updated_by: dotproto
-date: 2025-12-18
+last_updated_by: rebloor
+date: 2026-03-12
 ---
 
 <!-- Page Hero Banner -->
@@ -17,9 +17,9 @@ date: 2025-12-18
 
 # Prompt users for data and privacy consents
 
-If your extension collects user data, it must comply with the requirement of the [Data Disclosure, Collection and Management](/documentation/publish/add-on-policies/#data-disclosure-collection-and-management) section of the [Add-on Policies](/documentation/publish/add-on-policies/).
+If your extension collects user data, it must comply with the requirement of the [Data Collection and Transmission Disclosure and Control](/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control) section of the [Add-on Policies](/documentation/publish/add-on-policies/).
 
-A common developer question about these policies is how to translate them into browser extension features that are compliant to [Mozilla’s Add-on policies](/documentation/publish/add-on-policies/). This how-to is the result of those requests and offers advice on implementing prompts to meet the data collection and add-on policies. This article suggests how you can implement suitable prompts but it doesn’t replace or supersede the policies; you still need to confirm that your extension complies with the policies.
+A common developer question about these policies is how to translate them into compliant browser extension features. This how-to is the result of those requests and offers advice on implementing prompts to meet the data collection and add-on policies. This article suggests how you can implement suitable prompts but it doesn’t replace or supersede the policies; you still need to confirm that your extension complies with the policies.
 
 ::: note
 Firefox provides a built-in consent for data collection and transmission in Firefox for desktop 140 and later, and Firefox for Android 142 and later. See [Firefox built-in consent for data collection and transmission](/documentation/develop/firefox-builtin-data-consent/).
@@ -48,7 +48,7 @@ To create the consent flow and consent dialogs your extension needs, you should
 1. Does my extension collect technical or interaction data? If so, offer the user the opportunity to opt-out of this data collection, although you can always offer opt-in consent if you prefer.
 2. Does my extension collect personally identifying information? If so, get the user’s opt-in consent before collecting any of this data. Remember that personally identifying information includes technical or interaction data tagged with the user’s identity or information that can be used to identify the user, such as an URL.
 
-If you are unsure whether your add-on collects personal, technical, or interaction data, refer to the definition in [Data Disclosure, Collection and Management](/documentation/publish/add-on-policies/#data-disclosure-collection-and-management). 
+If you are unsure whether your add-on collects personal, technical, or interaction data, refer to the definition in [Data Collection and Transmission Disclosure and Control](/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control). 
 
 “Data” includes all information the extension collects, regardless of the manner of collection or the reason for collection. This also includes data collected as part of the extension’s  primary functionality.
 
@@ -94,7 +94,7 @@ As part of your extension’s onboarding flow, include information about your pr
 
 For more information on how to implement a post-install page or dialog, see [Best practices for onboarding, upboarding, and offboarding users](/documentation/develop/onboard-upboard-offboard-users/).
 
-As mentioned in the [Add-on policies](/documentation/publish/add-on-policies/), if your extension collects user data in association with features that run in the background, such as ad blocking, you need to make sure the data collection is not activated until you have obtained user consent.
+As mentioned in the [Add-on policies](/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control), if your extension collects user data in association with features that run in the background, such as ad blocking, you need to make sure the data collection is not activated until you have obtained user consent.
 
 If an update to your extension collects new personally identifying information, existing users must consent to the new data collection (opt-in) when your extension updates.
 

diff --git a/src/content/documentation/develop/firefox-builtin-data-consent.md b/src/content/documentation/develop/firefox-builtin-data-consent.md
@@ -13,7 +13,7 @@ contributors:
     rebloor
   ]
 last_updated_by: rebloor
-date: 2025-08-04
+date: 2026-03-12
 ---
 
 <!-- Page Hero Banner -->
@@ -27,7 +27,7 @@ Firefox supports built-in consent for data collection and transmission in Firefo
 
 From November 3, 2025, all new extensions must adopt the Firefox built-in data collection consent system. Extensions must state if and what data they collect or transmit. New versions and updates for add-ons created before November 3 don’t need to use this feature, but will have to at a later date.
 
-Implementing the built-in consent feature doesn't remove the obligation to create a [custom data collection experience](documentation/develop/best-practices-for-collecting-user-data-consents/) for use when installing on Firefox versions from before the feature's introduction. See [Data collection experience on older Firefox versions](#data-collection-experience-on-older-Firefox-versions) for implementation advice.
+Implementing the built-in consent feature doesn't remove the obligation to create a [custom data collection experience](/documentation/develop/best-practices-for-collecting-user-data-consents/) for use when installing on Firefox versions from before the feature's introduction. See [Data collection experience on older Firefox versions](#data-collection-experience-on-older-Firefox-versions) for implementation advice.
 
 For updates on the rollout and the timeline for AMO accepting submissions using this feature and for tips on how to take advantage of it, see the [community blog](https://blog.mozilla.org/addons/).
 :::
@@ -53,7 +53,7 @@ Firefox uses categories to standardize data collection information for developer
 
 Personally identifiable information can be actively provided by the user or obtained through extension APIs. It includes, but isn’t limited to, names, email addresses, search terms, and browsing activity data, as well as access to and placement of cookies.
 
-| Data type<br>visible during install    | Data collection permission<br>used in the manifest | Definition and examples                                                                                                                                                                                           | Eligible for [implicit consent](/documentation/publish/add-on-policies/#data-collection-and-transmission-disclosure-and-control)? |
+| Data type<br>visible during install    | Data collection permission<br>used in the manifest | Definition and examples                                                                                                                                                                                           | Eligible for [implicit consent](/documentation/publish/add-on-policies/#implicit-consent-for-self-evident-single-use-extension)? |
 |----------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
 | **Personally identifying information** | `personallyIdentifyingInfo`                          | Examples: contact information such as name and address, email, and phone number, as well as other identifying data such as ID numbers, voice or video recordings, age, demographic information, or biometric data. | no                                                                                                                                                |
 | **Health information**                 | `healthInfo`                                         | Examples: medical history, symptoms, diagnoses, treatments, procedures, or heart rate data.                                                                                                                     | no                                                                                                                                                |

diff --git a/src/content/documentation/publish/add-on-policies.md b/src/content/documentation/publish/add-on-policies.md
@@ -16,8 +16,8 @@ contributors:
     kmaglione,
     dotproto,
   ]
-last_updated_by: dotproto
-date: 2025-09-17
+last_updated_by: rebloor
+date: 2026-03-12
 ---
 
 <!-- Page Hero Banner -->
@@ -47,6 +47,14 @@ When an add-on is given human review or otherwise assessed by Mozilla, these pol
 
 Users should be able to easily discern the functionality of your add-on based on the listing, and should not be presented with unexpected user experiences after installing it. The listing should include an easy-to-read description of what the add-on does, and what information it transmits. Please consult our best practices guide for [creating an appealing listing](/documentation/develop/create-an-appealing-listing/).
 
+{% endcapture %}
+{% include modules/column-w-toc.liquid,
+  id: "no-surprises"
+  content: content_with_toc
+%}
+
+{% capture content %}
+
 ### Unexpected features
 
 “Unexpected” features are those that are unrelated to the add-on’s primary function, and are not clearly indicated by the add-on name or description. This may include features that impact user privacy or security, make unexpected changes to web content, or change default settings like the new tab page, homepage, or search engine.
@@ -58,9 +66,9 @@ Any “unexpected” feature(s) must adhere to all of the following requirements
 * The opt-in interface must clearly state the name of the add-on requesting the change.
 
 {% endcapture %}
-{% include modules/column-w-toc.liquid,
-  id: "no-surprises"
-  content: content_with_toc
+{% include modules/one-column.liquid,
+  id: "unexpected-features"
+  content: content
 %}
 
 <!-- END: Content with Table of Contents -->
@@ -100,6 +108,13 @@ Add-ons must function only as described. During review, the add-on undergoes bas
 
 If corrections have been requested and are submitted as part of a new version, the new version should not contain unrelated changes, as this complicates the review process and can lead to further delays or rejections.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "submission-guidelines"
+  content: content
+%}
+{% capture content %}
+
 ### Source Code Submission
 
 Code must be provided in a way that is reviewable. Add-ons may contain transpiled, minified or otherwise machine-generated code, but Mozilla needs to review a copy of the source code before any of these steps have been applied.
@@ -114,7 +129,7 @@ Please read our [Source Code Submission guidelines](/documentation/publish/sourc
 
 {% endcapture %}
 {% include modules/one-column.liquid,
-  id: "submission-guidelines"
+  id: "source-code-submission"
   content: content
 %}
 
@@ -175,15 +190,31 @@ Add-ons must limit data transmission to what is necessary for functionality, and
 
 If the add-on uses native messaging, the Add-on Policies (including those related to user consent and control) apply to any data sent to the native application as well.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "data-collection-and-transmission-disclosure-and-control"
+  content: content
+%}
+
+{% capture content %}
+
 ### Prohibited Data Collection and Transmission
 
 * Search functionality provided or loaded by the add-on must not transmit search terms or intercept searches that are going to a third-party search provider.
 * Transmitting or facilitating the transmission of ancillary information (e.g. any data not required for the add-on’s functionality as stated in the description) is prohibited.
 * The transmission of browsing activity is only permitted as part of the add-on’s primary function.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "prohibited-data-collection-and-transmission"
+  content: content
+%}
+
+{% capture content %}
+
 ### User Consent and Control
 
-The user must be provided with a clear way to control the add-on’s data transmission, either through a consent experience created by the add-on developer, or by using Firefox’s built in data collection and transmission consent experience. In the case of add-ons that qualify for implicit consent, under the “Implicit Consent for Self-Evident, Single-Use Extension” policy, installation is the consent.
+The user must be provided with a clear way to control the add-on’s data transmission, either through a consent experience created by the add-on developer, or by using Firefox’s built in data collection and transmission consent experience. In the case of add-ons that qualify for implicit consent, under the [Implicit Consent for Self-Evident, Single-Use Extension](#implicit-consent-for-self-evident-single-use-extension) policy, installation is the consent.
 
 Add-ons installed in an enterprise environment can bypass asking for data collection consent when they are installed by enterprise policy. For more information, refer to the [enterprise documentation](/documentation/enterprise/enterprise-development/). If the add-on uses Firefox’s built-in data collection and transmission consent experience, then the browser will bypass this by default.
 
@@ -208,6 +239,14 @@ If both personal and technical data is being transmitted, the user must be provi
 
 Please refer to our [best practices](/documentation/develop/best-practices-for-collecting-user-data-consents/) for advice and examples on how to design and implement a data transmission consent prompt.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "user-consent-and-control"
+  content: content
+%}
+
+{% capture content %}
+
 #### Personal Data (opt-in)
 
 Personally identifiable information can be actively provided by the user or obtained through extension APIs. It includes, but is not limited to names, email addresses, search terms and browsing activity data, as well as access to and placement of cookies.
@@ -216,8 +255,15 @@ Before an add-on may transmit personal information, it must clearly describe, an
 
 If the primary function of the add-on does not work without transmitting personal data, the add-on must provide a choice for the user to either accept the data transmission or uninstall the add-on.
 
-#### Implicit Consent for Self-Evident, Single-Use Extension
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "personal-data-opt-in"
+  content: content
+%}
 
+{% capture content %}
+
+#### Implicit Consent for Self-Evident, Single-Use Extension
 
 Implicit consent applies only to add-ons hosted on addons.mozilla.org when all of the following conditions are satisfied. Otherwise the standard explicit consent rules apply.
 
@@ -237,20 +283,36 @@ Implicit consent applies only to add-ons hosted on addons.mozilla.org when all o
 
 When all the above conditions are met, invoking the primary function is deemed implicit consent for transmitting the user-supplied data needed to perform that function. No additional dialog needs to be shown at install time. If any other data is transmitted, explicit consent at time of install is required.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "implicit-consent-for-self-evident-single-use-extension"
+  content: content
+%}
+
+{% capture content %}
+
 #### Technical & User Interaction Data (opt-out)
 
 Technical data describes information about the environment the user is running, such as browser settings, platform information and hardware properties. User interaction data includes how the user interacts with Firefox and the installed add-ons, metrics for product improvement, and error information.
 
 When an add-on transmits either of these types of information, it must allow the user to disable that data transmission (opt-out) during the initial consent experience. The add-on functionality must not be restricted if the user declines transmission of this data.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "technical-and-user-rnteraction-data-opt-out"
+  content: content
+%}
+
+{% capture content %}
+
 ### Additional Privacy Protocols
 
 * Leaking local or user-specific information to websites or other applications (e.g. through native messaging) is prohibited.
 * Data from private browsing sessions must not be stored. Information that identifies a user across browsing sessions or containers must not be made available to web content.
 
 {% endcapture %}
 {% include modules/one-column.liquid,
-  id: "data-collection-and-transmission-disclosure-and-control"
+  id: "additional-privacy-protocols"
   content: content
 %}
 
@@ -282,6 +344,14 @@ When an add-on transmits either of these types of information, it must allow the
 
 We expect all add-ons, whether hosted on addons.mozilla.org or not, to be secure and well-maintained in how they handle both their own data and their users’ data. They must also securely manage all of their interactions with the web and the browser and the operating system.
 
+{% endcapture %}
+{% include modules/one-column.liquid,
+  id: "security-compliance-and-blocking"
+  content: content
+%}
+
+{% capture content %}
+
 ### Policy Enforcement
 
 Mozilla may reject or block affected versions or entire add-ons that don’t comply with the above policies, depending on the extent of their non-compliance.
@@ -294,7 +364,7 @@ For more information about rejection and blocking, see [What does review rejecti
 
 {% endcapture %}
 {% include modules/one-column.liquid,
-  id: "security-compliance-and-blocking"
+  id: "policy-enforcement"
   content: content
 %}