While I understand the need for this move by Google and I think that it is a good one (based on the knowledge that I have), I must say that I get very frustrated with Google's ability to make rules forcing everyone to make changes while rarely -- if ever -- actually telling people the rules so that they know what they should do.
I look at it this way. Back in my time, the king made the rules and laws of the land, because he had the army, money, and power to do so. If you did not listen to these rules you were placed in the stocks or worse the dungeon.
This is mostly how Google is when it comes to SEO, granted they are not the only king in the world, but they are currently the most powerful.
We can either adhere to their rules or revolt, just note that a revolt would be a bad idea.
For example, if a site does not utilize a login system, then perhaps the SSL is not needed. Is the SSL needed if a person is simply filling out a contact form with no more personal info than a name and email? What about the blogger who never collects personal info via a form? Will that person be penalized just because they don't have an SSL? You just don't know. Therefore, everyone who wants to do well in Google has to now spend the extra money for the SSL cert. and for the programming to implement it.
This is not true, as I said this is for the user, host and yourself. I recommend watching this: https://www.youtube.com/watch?v=cBhZ6S0 … ls_en_post
It will help explain why all websites need HTTPS.
When will Google be implementing it?
They already have, but are not taking a lot of points off at the moment, but that will increase as time goes by.