A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.
The biometric data collection details were introduced in the newly added section, “Image and Audio Information,” found under the heading of “Information we collect automatically” in the policy.
This is the part of TikTok’s Privacy Policy that lists the types of data the app gathers from users, which was already fairly extensive.
The first part of the new section explains that TikTok may collect information about the images and audio that are in users’ content, “such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.”
While that may sound creepy, other social networks do object recognition on images you upload to power accessibility features (like describing what’s in an Instagram photo, for example), as well as for ad targeting purposes. Identifying where a person and the scenery is can help with AR effects, while converting spoken words to text helps with features like TikTok’s automatic captions.
The policy also notes this part of the data collection is for enabling “special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations,” it says.
The more concerning part of the new section references a plan to collect biometric data.
It states:
We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.
The statement itself is vague, as it doesn’t specify whether it’s considering federal law, states laws, or both. It also doesn’t explain, as the other part did, why TikTok needs this data. It doesn’t define the terms “faceprints” or “voiceprints.” Nor does it explain how it would go about seeking the “required permissions” from users, or if it would look to either state or federal laws to guide that process of gaining consent.
That’s important because as it stands today, only a handful of U.S. states have biometric privacy laws, including Illinois, Washington, California, Texas and New York. If TikTok only requested consent, “where required by law,” it could mean users in other states would not have to be informed about the data collection.
Reached for comment, a TikTok spokesperson could not offer more details on the company’s plans for biometric data collection or how it may tie in to either current or future products.
“As part of our ongoing commitment to transparency, we recently updated our Privacy Policy to provide more clarity on the information we may collect,” the spokesperson said.
The company also pointed us to an article about its approach to data security, TikTok’s latest Transparency Report and the recently launched privacy and security hub, which is aimed at helping people better understand their privacy choices on the app.
Photo by NOAH SEELAM / AFP) (Photo by NOAH SEELAM/AFP via Getty Images)
The biometric disclosure comes at a time when TikTok has been working to regain the trust of some U.S. users.
Under the Trump administration, the federal government attempted to ban TikTok from operating in the U.S. entirely, calling the app a national security threat because of its ownership by a Chinese company. TikTok fought back against the ban and went on record to state it only stores TikTok U.S. user data in its U.S. data centers and in Singapore.
It said it has never shared TikTok user data with the Chinese government nor censored content, despite being owned by Beijing-based ByteDance. And it said it would never do so, if asked.
Though the TikTok ban was initially stopped in the courts, the federal government appealed the rulings. But when President Biden took office, his administration put the appeal process on hold as it reviewed the actions taken by his predecessor. And although Biden has, as of today, signed an executive order to restrict U.S. investment in Chinese firms linked to surveillance, his administration’s position on TikTok remains unclear.
It is worth noting, however, that the new disclosure about biometric data collection follows a $92 million settlement in a class action lawsuit against TikTok, originally filed in May 2020, over the social media app’s violation of Illinois’ Biometric Information Privacy Act. The consolidated suit included more than 20 separate cases filed against TikTok over the platform’s collection and sharing of the personal and biometric information without user consent. Specifically, this involved the use of facial filter technology for special effects.
In that context, TikTok’s legal team…
Each Facebook User is Monitored by Thousands of Companies
This article was copublished with Consumer Reports, an independent, nonprofit organization…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
