The new policy indicates that it will ask for permission before collecting biometric data in jurisdictions that require informed consent. However, such a clause is largely meaningless in the United States at the moment, since most states do not have any kind of biometric privacy law. As a result, TikTok does not necessarily need permission to gather data in much of the US, even if it does need some kind of mechanism to obtain consent in a small handful of states.
In that regard, it is worth noting that TikTok did not add the biometric data clause to its policy in Europe, which has much stronger data protection regulations. The information collection policy does cover some kinds of non-biometric data. For example, TikTok may try to identify the objects that appear in the background of a video, or record the text of the audio content.
The audio information would presumably be used to improve TikTok’s auto-captioning system, while the object information would help with targeted advertising, tagging, and content moderation. TikTok’s plans for the face and voiceprints are not as clear at the moment. The company already gathers vast amounts device, location, and file data, as well as behavioral biometrics information.
Tiktok has faced criticism (and legal consequences) for its invasive data collection practices in the past. Most notably, TikTok paid $92 million to settle a class action lawsuit that alleged that the company violated the Biometric Information Privacy Act in Illinois. The Trump administration also tried to ban the platform in the United States due to concerns that the company would share its information with the Chinese government. TikTok has denied such accusations, though its standing with the Biden administration remains unclear.
(Originally posted on FindBiometrics)