TechCrunch was the first to notice the policy change, which took effect on June 2. The revisions do not affect TikTok customers who live in the European Economic Area (EEA), the United Kingdom, Switzerland, or other countries (excluding India) where the service is available.
In a newly created section called "Image and Audio Information," the ByteDance-owned company stated: "We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection."
Given that just a few states in the United States — California, Illinois, New York, Texas, and Washington — have laws prohibiting companies from collecting such data, the decision could mean TikTok won't have to ask its users in other states for permission, according to TechCrunch. In other words, simply agreeing to the terms of service gives users permission to have their biometric data collected.
The updates come months after TikTok agreed to pay $92 million to settle a class-action lawsuit alleging that the app violated Illinois' Biometric Information Privacy Act (BIPA) by secretly trying to collect biometric and personal data from users in the United States to target ads without meeting the state's informed consent requirements.