Tiktok’s new privacy policy allows it to collect biometric data, including ‘faceprints and voiceprints’

0

TikTok quietly changed its US privacy policy this week to notify users that it may begin collecting “faceprint and voiceprint” and other biometric data.

The app did not specify what the data would be used for, but said it would ask for permission first, “if required by law.”

The update comes just three months after TikTok paid more than $90 million to settle a class-action lawsuit alleging it secretly recorded the facial features of millions of members and other biomarkers.

TikTok reportedly has 100 million users in the US alone.

Scroll down in video

TikTok has updated its privacy policy to inform US users that it may record the

TikTok has updated its privacy policy to inform US users that it may record the “faceprint and voiceprint” and other unique biometric data. Pictured: Grimes in a recent TikTok video

On Wednesday, an update to TikTok’s privacy policy announced that the popular app “may collect biometric identifiers and biometric information” from users’ videos.

Some apps collect biometric data to target ads or improve accessibility features, TechCrunch reported, such as describing an Instagram photo or adding automated captions.

TikTok recently paid $92 million to settle a lawsuit alleging it violated Illinois' strict biometric data laws that require consent before tracking users' data.  It is possible that the privacy policy update is a direct result of the lawsuit

TikTok recently paid $92 million to settle a lawsuit alleging it violated Illinois’ strict biometric data laws that require consent before tracking users’ data. It is possible that the privacy policy update is a direct result of the lawsuit

It can also help with face filters and augmented reality effects.

The data may include “identification of the objects and landscapes that appear, the existence and location within an image of facial and body features and attributes, the nature of the audio and the text of the spoken words,” the company said.

But it could also include personal biomarkers, such as “faceprints and voiceprints,” TikTok added, without clearly defining those terms.

Only a handful of states have biometric privacy laws, including Illinois, California, New York, Texas and Washington, suggesting that users in other states may not be notified if their biometrics are collected.

While the policy says that TikTok will notify users if it begins collecting biometric data, Insider points out that the update is in a section called “information we collect automatically,” suggesting it may already be collecting the information.

With password security becoming increasingly vague, many companies are leveraging unique physical properties, such as fingerprints, voiceprints, and other markings, for security purposes.  Even the shape of your face and nose can be used to identify you

With password security becoming increasingly vague, many companies are leveraging unique physical properties, such as fingerprints, voiceprints, and other markings, for security purposes. Even the shape of your face and nose can be used to identify you

According to TechCrunch, users received multiple pop-up messages informing them of the privacy policy update, but some complained that the page was unavailable when they tried to read it.

The policy only seems to be updated in the US – privacy rules are much stricter in Europe and Asia.

In 2020, the White House tried to ban TikTok from the US because its Chinese parent company, ByteDance, posed a threat to national security.

A court order prevented the ban from going into effect, although the Trump administration appealed the ruling.

On Friday, President Biden signed an executive order banning Americans from investing in some 59 Chinese companies that the government believes have ties to the Chinese military and the country’s security industry.

However, his government has not taken an official position on TikTok.

In February, TikTok paid $92 million to settle a class-action lawsuit alleging it violated the Illinois Biometric Information Privacy Act, one of the strictest in the nation.

Illinois law requires companies to obtain explicit consent before collecting biometric data, but the plaintiffs alleged that TikTok used algorithms to identify users’ gender, age and ethnicity, according to the law. to the BBC, and sent the information to China.

TikTok denied any crime and said it was happy to avoid a lengthy lawsuit.

Then-President Trump tried to ban TikTok in the US last year, claiming the Beijing company posed a threat to national security

Then-President Trump tried to ban TikTok in the US last year, claiming the Beijing company posed a threat to national security

“While we disagree with the claims, we want to focus our efforts on building a safe and enjoyable experience for the TikTok community, rather than pursuing lengthy lawsuits,” the company said in a statement.

It’s possible that Wednesday’s update was a direct result of the lawsuit.

TikTok did not respond to a request for comment from DailyMail.com.

Social media platforms have been in trouble for collecting biometrics before: In 2015, Illinois Facebook users accused the platform of violating the state’s Biometric Information Privacy Act when collecting biometrics.

Facebook is said to have achieved this through its ‘Tag Suggestions’ feature, which allowed users to recognize their Facebook friends from previously uploaded photos.

Facebook paid out $650 million in that case, but was hit by another class-action lawsuit five years later that alleged it used the same tool on Instagram to collect the biometric data of more than a million users without their knowledge or consent.

In a statement to DailyMail.com at the time, a Facebook spokesperson said the claims were false and that Instagram does not use the facial recognition services offered on Facebook.

According to Instagram’s data policy, “If we introduce facial recognition technology to your Instagram experience, we’ll let you know first and you’ll have control over whether we use this technology for you.”

In 2019, security firm Suprema revealed that a major data breach exposed millions of people’s biometric information, including their fingerprints and facial scans.

The private data was found on a free site and contained sensitive information on a system used by banks, police and government agencies, as well as thousands of other companies.

“This could be used in a wide variety of criminal activities that would be disastrous for the affected businesses and organizations as well as their employees or customers,” web privacy site VPNMentor wrote in a statement about the discovery.

“It’s one thing to have your password hacked — passwords can be changed and replaced,” Etienne Greeff, CTO of cybersecurity service provider SecureData, told MailOnline at the time.

‘But what happens if your biometric data is hacked? You cannot change your voice; you cannot replace your eyes and you cannot reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you.’

WHAT ARE BEHAVIORAL BIOMETRY?

Physical biometrics, such as fingerprints, facial recognition and retinal scans, are more commonly used for security purposes these days.

However, behavioral biometrics — including things like how you walk — can record unique things about a person’s behavior and movement.

They also include things like voice ID and signature analysis.

Researchers at the University of Manchester have developed a biometric AI verification system that measures a person’s gait or gait pattern.

This non-intrusive technique can verify people with 99.3 percent accuracy after walking over a pressure pad on the floor — and they don’t even have to take their shoes off.

Behavioral biometrics are already being used for authentication in financial institutions and companies.

After people provide their biometric data, AI chooses specific data points that it processes using an algorithm.

.