TikTok has updated its privacy policy in the US to notify users that the app migh collect biometric identifiers and information from its users’ content. This includes things like faceprints and voiceprints, the policy explained.

TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.

TikTok needs to offer meaningful explanations of the data it’s collecting

The biometric data collection details were introduced in the newly added section, Image and Audio Information, found under the heading of Information we collect automatically in the policy.

We may collect information about the images and audio that are a part of your User Content, such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content. We may collect this information to enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations.

TikTok Statement

The statement itself is vague, as it doesn’t specify whether it’s considering federal law, states laws, or both. It also doesn’t explain, as the other part did, why TikTok needs this data. It doesn’t define the terms faceprints or voiceprints. Nor does it explain how it would go about seeking the required permissions from users, or if it would look to either state or federal laws to guide that process of gaining consent.

TikTok spokesperson could not offer more details on the company’s plans for biometric data collection or how it may tie in to either current or future products.

As part of our ongoing commitment to transparency, we recently updated our Privacy Policy to provide more clarity on the information we may collect.

TikTok Spokesperson

The biometric disclosure comes at a time when TikTok has been working to regain the trust of some U.S. users. In that context, TikTok’s legal team may have wanted to quickly cover themselves from future lawsuits by adding a clause that permits the app to collect personal biometric data.

The disclosure, we should also point out, has only been added to the U.S. Privacy Policy, as other markets like the EU have stricter data protection and privacy laws.

In the grand scheme of things, TikTok still has plenty of data on its users, their content and their devices, even without biometric data.

For example, TikTok policy already stated it automatically collects information about users’ devices, including location data based on your SIM card and IP addresses and GPS, your use of TikTok itself and all the content you create or upload, the data you send in messages on its app, metadata from the content you upload, cookies, the app and file names on your device, battery state and even your keystroke patterns and rhythms, among other things.

This is in addition to the Information you choose to provide, which comes from when you register, contact TikTok or upload content. In that case, TikTok collects your registration info (username, age, language, etc.), profile info (name, photo, social media accounts), all your user-generated content on the platform, your phone and social network contacts, payment information, plus the text, images and video found in the device’s clipboard. TikTok, as you may recall, got busted by Apple’s iOS 14 feature that alerted users to the fact that TikTok and other apps were accessing iOS clipboard content. Now, the policy says TikTok may collect clipboard data with your permission.