TikTok quietly updated its privacy policy earlier this week in a way that allows the company to automatically collect extensive data on users in the United States—including data about their faces and their voice.
The policy change, first spotted by TechCrunch, specifically states that TikTok “may collect biometric identifiers and biometric information as defined under US laws,” including “faceprints” and “voiceprints,” from videos users upload to their platform. The company also notes that “where required by law,” it will seek “any required permissions,” before collecting that data. On top of this, the new policy also clarifies that other data like “the nature of the audio, and the text of the words spoken in your User Content,” might also be automatically collected.
There are a number of reasons TikTok may be collecting this information. One is, of course, advertising—the updated privacy policy notes that, in addition to face and voice data, it may also collect information for purposes “such as identifying the objects and scenery that appear,” which is increasingly common in the marketing world. It may also use the voice data to enable its automatic captions feature. None of this is to say these are the only things TikTok will do with that data—that seems unlikely, at best—but those are some obvious options.
It’s also worth pointing out that this face- and voice-related data appears under a new header in the policy—”Information we collect automatically”—which implies that TikTok might be able to hoover this data without users realizing that’s what they’re agreeing to. Right now, only three states (Illinois, Texas, and Washington) have explicit regulations surrounding the ways companies can collect biometric data, while New York proposed a similar law of its own earlier this year. In the 47 states that don’t have those restrictions, there’s nothing stopping the company from collecting that data without a user’s explicit consent.
Despite falling into the Trump administration’s line of fire last year, most cybersecurity researchers have noted that TikTok isn’t necessarily any more of a threat than data-hoovering giants like Facebook and Google—though the bar they set is pretty low. It’s also worth mentioning that a few months back, TikTok actually paid a whopping $92 million to settle allegations from TikTokers in Illinois that the company was flouting the state’s biometric data-collection laws.
We’ve reached out to TikTok about the new policies and will update if we hear back.