TikTok, a popular short-form video-sharing site, quietly changed its privacy policy in the United States, allowing it to collect biometric data such as faceprints and voiceprints from the contents its users publish on the platform.
TechCrunch was the first to notice the policy change, which took effect on June 2. The revisions do not affect TikTok customers who live in the European Economic Area (EEA), the United Kingdom, Switzerland, or other countries (excluding India) where the service is available.
In a newly created section called "Image and Audio Information," the ByteDance-owned company stated: "We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection."
Furthermore, as per the company's privacy policy, it may collect information about "the nature of the audio, and the text of the words spoken in your User Content" in order to "enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations."
Given that just a few states in the United States — California, Illinois, New York, Texas, and Washington — have laws prohibiting companies from collecting such data, the decision could mean TikTok won't have to ask its users in other states for permission, according to TechCrunch. In other words, simply agreeing to the terms of service gives users permission to have their biometric data collected.
The updates come months after TikTok agreed to pay $92 million to settle a class-action lawsuit alleging that the app violated Illinois' Biometric Information Privacy Act (BIPA) by secretly trying to collect biometric and personal data from users in the United States to target ads without meeting the state's informed consent requirements.
TikTok agreed as part of the settlement not to collect or store biometric information, biometric identifiers, geolocation, or GPS data unless it was clearly stated in its privacy policy. In this view, it's probable that the changes are due to the settlement of the lawsuit.
No comments yet