TikTok Quietly Updated Its Privacy Policy to Collect Users’ Biometric Data

(The Hacker News) – Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform.

The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland, and other geographies (excluding India) where the service operates are exempted from the changes.

“We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection,” the ByteDance-owned company said in a newly introduced section called “Image and Audio Information.”

On top of this, the company’s privacy policy also notes that it may collect information about “the nature of the audio, and the text of the words spoken in your User Content” so as to “enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations.”

Besides not clearly defining the exact nature of biometrics being collected or offering a convincing reason as to why this data gathering is necessary in the first place, the vaguely worded language could allow TikTok to amass such sensitive data without users’ explicit consent.

Given that only a handful of states in the U.S. — California, Illinois, New York, Texas, and Washington — have laws restricting companies from collecting biometric data, the move could mean that TikTok doesn’t have to ask permission from its users in other states, as noted by TechCrunch. In other words, users are consenting to have their biometric data collected simply by agreeing to its terms of service. Read Full Article >