TikTok could not clarify whether product advancements warranted the addition of biometric data to its list of disclosures about the information it automatically gathers from users, but it did say that if such data collecting practices commenced, it would seek consent.
The policy’s biometric data collecting specifics were included in a newly added section called “Image and Audio Information,” which can be found under the title “Information we collect automatically.”
The first section of the new section states that TikTok may collect information about the images and audio in users’ content, “such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.”
While this may sound creepy, other social media platforms use object recognition on photographs you submit to provide accessibility services (such as summarizing what’s in an Instagram photo) and ad targeting. Converting spoken words to text helps with features like TikTok’s automatic subtitles, while identifying where a person and the scenery are can aid with AR effects.
This information is collected to enable “special video effects, content moderation, demographic classification, content and ad recommendations, and other non-personally-identifying operations,” the policy says.
The new section’s most worrying aspect refers to a proposal to collect biometric data.
We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.
The phrase itself is ambiguous, as it does not define whether it is looking at federal, state, or both legislation. It also doesn’t explain why TikTok needs this information, like the previous section did. The phrases “faceprints” and “voiceprints” are not defined. It also doesn’t say how it plans to obtain the “necessary approvals” from users, or whether it would rely on state or federal regulations to lead the consent process.
This is significant because just a few states in the US now have biometric privacy legislation, including Illinois, Washington, California, Texas, and New York. If TikTok merely asked for consent “where required by law,” users in other jurisdictions might not be aware that their data is being collected.
TikTok has been striving to recover the faith of certain US users, and the biometric reveal comes at a critical time.
The federal government attempted to outright ban TikTok from operating in the US during the Trump administration, citing the app’s ownership by a Chinese business as a national security concern. In response to the prohibition, TikTok stated that it exclusively maintains TikTok U.S. user data in its U.S. data centers and in Singapore.
Despite being controlled by Beijing-based ByteDance, it claims it has never shared TikTok user data with the Chinese government or banned content. It also stated that if requested, it would never do so.
Despite the fact that the TikTok ban was initially overturned in court, the federal government appealed the decisions. When President Biden took office, however, his administration placed the appeal process on hold while it investigated his predecessor’s activities, And, though Biden has signed an executive order restricting US investment in Chinese enterprises tied to spying as of today, his administration’s position on TikTok is unknown.
It’s worth noting, though, that the new announcement about biometric data gathering comes after TikTok agreed to a $92 million settlement in a class action lawsuit over the social media app’s violation of Illinois’ Biometric Information Privacy Act, which was initially filed in May 2020..
More than 20 different lawsuits were launched against TikTok over the platform’s collecting and distribution of personal and biometric information without user authorization, according to the consolidated suit. This includes the use of facial filter technologies for special effects in particular.
In light of this, TikTok’s legal team may have been compelled to add a clause allowing the app to gather personal biometric data in order to protect themselves from future litigation.
The majority of the tweaks and changes, such as new sections that clearly acknowledged TikTok’s e-commerce ambitions or improvements aimed at mitigating the effects of Apple’s App Tracking Transparency on targeted advertising, were simple to explain.
Even without biometric data, TikTok still has a lot of data on its users, their content, and their gadgets in the broad scheme of things.
For example, TikTok’s policy already stated that it collects information about users’ devices automatically, such as location data based on your SIM card and IP addresses and GPS, your use of TikTok itself and all the content you create or upload, data you send in messages on its app, metadata from the content you upload, cookies, the app and file names on your device, battery state, and even your keystroke patterns and rhythms, among other things.
This is in addition to the “Information you choose to provide,” which is derived through your registration, contact with TikTok, or content uploading. In that case, TikTok collects your registration info (username, age, language, etc.), profile info (name, photo, social media accounts), all your user-generated content on the platform, your phone and social network contacts, payment information, also the text, images and video found in the device’s clipboard.
TikTok, as you may recall, got busted by Apple’s iOS 14 feature that alerted users to the fact that TikTok and other apps were accessing iOS clipboard content. Now, the policy says TikTok “may collect” clipboard data “with your permission.”