It’s vague as the policy language doesn’t clarify whether it refers to federal law, state law, or both, or exactly why this information is being collected or how it’s being shared.
To learn more, Sen. Kyrsten Sinema today asked TikTok’s hearing representative — its chief operating officer, Vanessa Pappas — about whether biometric data on Americans was ever accessed or provided to them. In addition, she wondered whether it was possible that the biometric data could be obtained by others.
Rather than answering the question directly with a simple “yes” or “no,” Pappas went on to clarify how TikTok defines biometric data.
Noting that everyone has their own definition of what “biometrics” means, Pappas said TikTok doesn’t use facial, voice or audio or body recognition of any kind to identify individuals.
In addition, she further stated that this data collection is only used for video effects and is stored on the user’s device and subsequently deleted.
Notably, this is the first time the company has responded to a U.S. senator’s inquiry about the app’s use of biometrics, as questions raised at the October 2021 hearing were largely avoided at the time. When Senator Marsha Blackburn pressed TikTok for more information after that hearing, questions about facial recognition and voiceprints weren’t on the list of questions TikTok returned to her office in December of that year.
In April 2022, the ACLU noted that a new trend on TikTok that lets users photograph their eyes up close and then use high-resolution filters to reveal the details, patterns and colors of their irises has sparked criticism of TikTok. Further focus on the use of biometrics. It noted that at the time of the report, more than 700,000 videos had been made using the filter in a month.
In addition to questions about biometric data collection, TikTok was asked at today’s hearing whether it was tracking users’ keystrokes. That ties into findings published in August by an independent privacy researcher that said TikTok’s iOS app had been injecting code that would allow it to essentially keylog. The Irish Data Protection Commission also requested a meeting with TikTok after the study was published.
At the time, TikTok said the report was misleading because the app’s code didn’t do anything malicious, but was used for things like debugging, troubleshooting and performance monitoring. The company also said it uses keystroke information to detect unusual patterns to prevent fake records, spam comments and other behaviors that could threaten its platform.
During today’s hearing, Pappas reiterated that TikTok never collected the input.