Earlier this week, the Chinese social media platform TikTok released their new privacy policy informing users that the app may collect new forms of biometric data, such as “faceprints and voiceprints,” but the company has reportedly been “unable to explain what types of data these terms referred to, or why the app might need to access this information in the first place.”
“A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app ‘may collect biometric identifiers and biometric information’ from its users’ content,” reported TechCrunch. “This includes things like ‘faceprints and voiceprints,’ the policy explained.”
TechCrunch then explained that after being reached for comment on the forms of data that may be collected, “TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.”
“We may collect information about the images and audio that are a part of your User Content, such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content,” TikTok announced in the “Image and Audio Information” section of their new privacy policy. “We may collect this information to enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations. We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.”
Other parts of TikTok’s privacy policy include the collection of information regarding “the images and audio that are a part of your User Content, such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.”
Other forms of “technical information” recorded by the Chinese social media platform include “keystroke patterns or rhythms,” and “location information based on your SIM card and/or IP address.” The company is also vague regarding where such data is stored, saying that it may be recorded “outside of the country where you live,” and that TikTok maintains “major servers around the world to bring you our services globally and continuously.”
As TechCrunch noted, issues such as consent and methods of storage become notably important because “only a handful of U.S. states have biometric privacy laws, including Illinois, Washington, California, Texas and New York.”
“If TikTok only requested consent, ‘where required by law,’ it could mean users in other states would not have to be informed about the data collection,” added TechCrunch.