TikTok, Congress, Biometric Data, and New Privacy Concerns

September 19, 2022 | 4 minutes read
TikTok, Congress, Biometric Data, and New Privacy Concerns

As the Chinese-based short-form video hosting service and social media platform TikTok has been accused of violating the personal privacy of American citizens at several different points in the past few years, a change that the company made to its data privacy policy last year has led to further concerns for privacy advocates and politicians alike. More specifically, TikTok altered its privacy policy last year to accommodate the collection of biometric data, which can include “faceprints and voiceprints”, among other forms of biometric identifiers. Subsequently, the topic of biometric privacy was raised when TikTok’s Vice President and Head of Public Policy Michael Michael Beckerman answered a wide range of questions concerning his employer in a U.S Congressional Hearing that took place last October.

Nevertheless, Beckerman, as well as other executives and representatives that work for TikTok, have declined to comment publicly on the reasons or factors that influenced the growing social media company to abruptly amend its personal privacy policy. To this end, “TikTok’s earlier privacy policy change had introduced a new section called “Image and Audio Information” under the section “Information we collect automatically.” Here, it detailed the types of images and audio that could be collected, including “biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints.”

Biometric data privacy law

To this last point, TikTok’s privacy policy is particularly vague and ambiguous as it concerns the fashion in which the social media platform collects the biometric information of American citizens. Going back to the Congressional Hearing that several TikTok representatives and executives took part in during October 2021, U.S. Senator Kyrsten Sinema (D-AZ) recently asked Vanessa Pappas, TikTok’s Chief Operating Officer, if the biometric data of U.S. consumers was or had ever been accessed by employees of the company that were located in China. Moreover, Senator Sinema also asked if such access to the biometric data of American citizens was even possible.

Despite this direct line of questioning, however, Pappas failed to provide Senator Sinema with a cohesive answer regarding the specific biometric data collection practices of her employer, and instead highlighted the privacy policy of the social media company yet again. Likewise, Pappas was quoted as saying “the way that we use facial recognition, for example, would be is if we’re putting an effect on the creator’s video — so, you were uploading a video and you wanted to put sunglasses or dog ears on your video — that’s when we do facial recognition. All of that information is stored only in your device. And as soon as it’s applied — like that filter is applied and posted — that data is deleted. So we don’t have that data.”

Privacy violations at the U.S. state level

In so many words, the explanation that TikTok’s Chief Operating Officer Vanessa Pappas gives when detailing the particulars of the company’s biometric data collection practices essentially suggests that the manner in which the mobile application works on a technical level prevents the social media company from retaining the biometric data of American citizens. However, while this explanation might seem to be sufficient on a surface level, as testing each individual technical feature within a popular mobile application such as TikTok is outside of the scope of expertise and knowledge of even the most accomplished and well-respected U.S. politicians, it contradicts recent legal rulings that have been imposed against companies in U.S. states where biometric data privacy legislation has been passed.

To illustrate this point further, Snapchat recently settled a class action lawsuit in the state of Illinois for violating the Illinois Biometric Information Privacy Act (BIPA) in August of this year. Under the BIPA, businesses must obtain consent from citizens of the state prior to collecting their biometric data, lest they face heavy monetary penalties. However, much like the case with TikTok, the basis of this class action lawsuit was the video filters and effects that users of the mobile application used when recording videos using the social media application. With all this being said, a district court in Illinois ultimately ruled that the actions of Snapchat constituted a violation of the state’s biometric data privacy law, irrespective of the specific wording or contents of the social media company’s privacy policy.

While the state of Illinois completely changed the biometric data privacy landscape in the U.S. when the Biometric Information Privacy Act (BIPA) was first enacted in 2008, the unfortunate reality is that the overwhelming majority of U.S. states have yet to pass similar laws. For this reason, major tech and social media companies such as TikTok can effectively collect the biometric data of American citizens with little to no issue, regardless of any questions that a government official may pose to them during a Congressional hearing or another similar legal setting. Furthermore, large-scale corporations will continue to dodge questions regarding their data privacy policies until the U.S. passes a comprehensive data privacy law at the federal level.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »