The policy change, first spotted by TechCrunch, specifically states that TikTok “may collect biometric identifiers and biometric information as defined under US laws,” including “faceprints” and “voiceprints,” from videos users upload to their platform. The company also notes that “where required by law,” it will seek “any required permissions,” before collecting that data. On top of this, the new policy also clarifies that other data like “the nature of the audio, and the text of the words spoken in your User Content,” might also be automatically collected.
It’s also worth pointing out that this face- and voice-related data appears under a new header in the policy—”Information we collect automatically”—which implies that TikTok might be able to hoover this data without users realizing that’s what they’re agreeing to. Right now, only three states (Illinois, Texas, and Washington) have explicit regulations surrounding the ways companies can collect biometric data, while New York proposed a similar law of its own earlier this year. In the 47 states that don’t have those restrictions, there’s nothing stopping the company from collecting that data without a user’s explicit consent.
Despite falling into the Trump administration’s line of fire last year, most cybersecurity researchers have noted that TikTok isn’t necessarily any more of a threat than data-hoovering giants like Facebook and Google—though the bar they set is pretty low. It’s also worth mentioning that a few months back, TikTok actually paid a whopping $92 million to settle allegations from TikTokers in Illinois that the company was flouting the state’s biometric data-collection laws.
We’ve reached out to TikTok about the new policies and will update if we hear back.