In an update to its privacy policy earlier this week, the popular social media video app TikTok has added a new section that allows it to “collect biometric identifiers and biometric information” from its users’ content.
As reported by TechCrunch, the policy appears to allow the app to collect biometric information, which is the latest in a long, substantial list of data points that the company gleans from its large user base. This new section is found under the “Image and Audio Information” heading under “Information we collect automatically” in the company’s updated policy.
TikTok was unable to confirm to TechCrunch what products necessitated the addition of biometric data collection to its list of discolsures.
The new section now states that the app may collect and store information “such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.”
TikTok says that part of the data collection is to allow for “special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations.”
As noted by TikTok itself, the identification of objects and images would be particularly helpful for advertising purposes, as the app would be able to see likely selling points for its users and provide this information to it a partner who would be better able to target its products. The other collected data would be helpful in augmented reality applications, as TechCrunch notes.
None of this is particularly unusual or out of character, but the next section does raise some red flags:
“We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content,” TikTok’s policy now reads. “Where required by law, we will seek any required permissions from you prior to any such collection.”
This vague statement doesn’t include details as to why TikTok needs this kind of information and what it would do with it. Additionally, it does not explain how the company would seek the required permissions from users as it does not specify if the company plans to reference Federal or state-level laws. If the latter, only a small number of U.S. states currently have biometric privacy laws (such as Illinois, Washington, California, Texas, and New York). TechCrunch reports that if TikTok only requested consent “where required by law,” it could mean users in other states would not have to be informed about the data collection.
When asked for further details, the company only supplied a vague, boilerplate response.
“As part of our ongoing commitment to transparency, we recently updated our Privacy Policy to provide more clarity on the information we may collect,” a spokesperson said.
It is possible that this addition is to protect itself from future legal issues, as the company settled a $92 million class-action lawsuit filed in May 2020 over the app’s violation of Illnois’ Biometric Information Privacy Act.
The biometric information joins usage, device, location, messages, and metadata that TikTok already tracks and collects from all of its users. You can read that lengthy section in the company’s Privacy Policy here.
Image credits: Header photo licensed via Depositphotos.