TikTok implies it’s collecting users' faceprints and voiceprints

TikTok app on a smartphone
(Image credit: Shutterstock)

TikTok has informed US-based users that it's now harvesting more personal information from them, likely including "faceprints and voiceprints."

"We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content, the company's new privacy policy states. "Where required by law, we will seek any required permissions from you prior to any such collection."

This potentially important change was first spotted by TechCrunch, which noticed a few intriguing updates to TikTok's privacy policy.

Under the new policy, TikTok may collect information about images and audio in users' content, the policy says, "such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content."

This type of language may sound invasive, but this kind of legal language is fairly common for photo and video apps.

More important is the statement about collecting "biometric identifiers." It doesn't specify what TikTok plans to do with this data or whether it's taking into account federal or state laws or both.

This comes only a few months after TikTok settled a $92 million lawsuit where it was accused of collecting biometric data from users without their consent.

The lawsuit accused the social media platform of deploying a complex artificial intelligence (AI) system to scan for facial features in users' videos, alongside algorithms to identify a user's age, gender and ethnicity.

The accusers claimed that TikTok's app extracted a broad array of such data without consent and shared personal and private viewing histories with third parties, such as Facebook and Google.

Also of concern was the potential for this data to be shared with companies based in China, as the lawsuit claims TikTok doesn't adequately disclose how it shares user data with entities outside the US.