The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland, and other geographies (excluding India) where the service operates are exempted from the changes.
"We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection," the ByteDance-owned company said in a newly introduced section called "Image and Audio Information."
Besides not clearly defining the exact nature of biometrics being collected or offering a convincing reason as to why this data gathering is necessary in the first place, the vaguely worded language could allow TikTok to amass such sensitive data without users' explicit consent.
Given that only a handful of states in the U.S. — California, Illinois, New York, Texas, and Washington — have laws restricting companies from collecting biometric data, the move could mean that TikTok doesn't have to ask permission from its users in other states, as noted by TechCrunch. In other words, users are consenting to have their biometric data collected simply by agreeing to its terms of service.