May 20, 2020 – California Class Action Claims TikTok Failed to Obtain Consent Before Collecting User Facial Geometries
A proposed class action filed in California federal court is the latest to allege TikTok and ByteDance have run afoul of Illinois privacy law by collecting app users’ facial geometries without consent.
According to the suit, the teen-centric short-form video app collects a scan of a user’s face each time he or she accesses TikTok’s facial filters, stickers or face-tracker lens. The lawsuit, filed on behalf of a minor TikTok user residing near Chicago, claims the companies have violated the Illinois Biometric Information Privacy Act in that they failed to obtain informed, written consent from users before collecting, storing or using their biometric information, and failed to implement and maintain a publicly available retention schedule with regard to the data.
May 11, 2020 – TikTok Hit with Another Biometric Data Privacy Suit in Illinois
TikTok and ByteDance are the defendants in another proposed class action alleging the companies’ collection, storage and disclosure of app users’ facial geometries without consent violates the Illinois Biometric Information Privacy Act (BIPA).
Filed on behalf of two minor TikTok users, the lawsuit alleges TikTok and ByteDance’s actions have robbed the plaintiffs and other users of the power to make decisions about the fate of their unique biometric information. This is particularly troublesome when it comes to TikTok given the short-form video app’s connection to the Chinese government, a concern that’s led some U.S. military branches to ban the use of TikTok on government-issued phones, the complaint says.
“In direct violation of the BIPA, the TikTok app’s proprietary facial recognition technologyscans every video uploaded to the app for faces, extracts geometric data relating to the unique points and contours (i.e., biometric identifiers) of each face, and then uses that data to create and store a template of each face –all without ever informing anyone of this practice,” the case claims.
A proposed class action lawsuit alleges TikTok, Inc. has violated Illinois biometric privacy law by scanning app users’ faces and storing their facial geometries without consent to do so.
Filed by two Illinois guardians on behalf of minor children, the case further alleges defendants TikTok, Inc. and ByteDance, Inc. do not disclose to those who use the ultra-popular 15-second-video app what the companies do with their data, nor who has access to such and whether, where and for how long facial scans are stored.
According to the lawsuit, TikTok, whose user base consists predominantly of young people ages 16 to 24, scans the facial geometry of each user before running an algorithm to determine the individual’s age. Facial scans also allow users to superimpose animated filters onto the faces of video subjects, the case says. Per the lawsuit, TikTok has been downloaded upward of a billion times worldwide and more than 120 million times in the U.S., making the app the most-downloaded non-game app in the world.
Companies that collect biometric identifiers such as facial scans and fingerprints in Illinois, however, are subject to the state’s Biometric Information Privacy Act, which lays out stringent guidelines for the collection, storage, purchase and disclosure of citizens’ unchangeable biometric data. Enacted in 2008, the Illinois BIPA stipulates that a company cannot “collect, capture, purchase, receive through trade, or otherwise obtain” an individual’s biometric information unless it first:
Informs the individual or their legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored;
Informs the subject or their authorized representative in writing of the specific purpose and length of term for which a biometric identifier is being collected, stored and used; and
Receives a written release from the subject allowing for the collection of their biometric data.
Further, the Illinois BIPA requires a company dealing in biometric information to publish a written, publicly available retention schedule and guidelines for the permanent destruction of citizens’ biometric identifiers “when the initial purpose for collecting or obtaining such” has been satisfied or within three years of an individual’s last interaction with the entity, the suit says.
Notwithstanding TikTok’s reliance on facial scanning for age verification and in-app filters, the company does not obtain consent from users before collecting, storing or disclosing their sensitive biometric information, the lawsuit alleges. The suit further alleges TikTok shares users’ biometric information with “other members of its corporate family,” including ByteDance and affiliates in China.
Early this year, TikTok quickly settled a proposed class action that alleged the company collected data from children under 13 years old without parental consent. Within a week of that case’s filing, TikTok was hit with an additional lawsuit over claims that the company surreptitiously vacuumed up and transferred user data to servers in China to “identify, profile and track the location and activities” of U.S. residents.
In February 2020, the Federal Trade Commission announced those who operate TikTok would pay a $5.7 million civil penalty for violations of the Children’s Online Privacy Protection Act (COPPA).
Though the suit was filed in California, the case looks to cover a class of Illinois residents who used the musical.ly or TikTok app and utilized face filters, face stickers or the app’s face tracker lens on an image or video of their own face or on their face in another individual’s video or image.
Get class action news sent to your inbox - sign up for ClassAction.org's newsletter here.