“Generally speaking, these policy changes are very concerning,” noted Lieff Cabraser partner Douglas Cuthbertson, who is a member of the firm’s Privacy & Cybersecurity practice group. “The changes are vague in a lot of ways. TikTok does not explain what it will do with this biometric information, how and when it will seek consent before taking it, and what it means by ‘faceprints and voiceprints,’ which aren’t defined.”
Cuthbertson’s greatest concerns come from the company’s statement that their collection of this information “is for other non-personally-identifying operations.”
“It’s disingenuous to say these are ‘non personally-identifying’ operations,” he says, pointing out that a person’s unique ‘faceprint’ or ‘voiceprint’ could inherently be used to identify someone. “That’s not the way the mobile data ecosystem works anymore. You don’t need someone’s social security number to figure out who they are and how to monetize them.”
Cuthbertson emphasizes that it is the open-ended nature of the uses listed in the new policy section that generates such cause for concern. “It’s one thing if TikTok can discreetly say, we’re taking this narrow band of information, here’s our description of the information so that you, as a user, really understand what we mean and here’s this very narrow way we’re going to use it,” he says. “Instead we have vague definitions of what the data even is and TikTok itself is vague about how and why they need to use it.”
While no federal law regulating the collection and use of biometric data yet exists, some states have passed their own laws surrounding the subject. “But it’s this legal gray area that demonstrates the need for more stringent standards,” says Cuthbertson.
“Is it state law? Is it federal law? Even if it’s every applicable law, it’s still highly problematic,” he says. “That they will do what’s required by law as defined under the vague term ‘U.S. laws’ really highlights the need for more robust privacy laws and regulations that govern the collection of biometric information.”
Read the full article on TIME’s website.
About Douglas Cuthbertson
A partner in Lieff Cabraser’s New York office, Douglas Cuthbertson has a practice focused on domestic and international consumer fraud cases, digital privacy, and securities fraud.
His past and present work includes securities litigation against the Brazilian petroleum corporation Petrobras, a financial fraud action against Morgan Stanley, consumer litigation against Volkswagen, as well as an airline overcharging case against British Airways where he was designated as Class Counsel (Dover v. British Airways). Doug has also litigated numerous class action consumer protection cases under the Telephone Consumer Protection Act against large banks, satellite service providers, and utilities, helping result in the largest monetary settlements in the history of the TCPA to end harassing robocalls to millions of consumers.
Doug has acted in digital privacy litigation against Google, Disney, Viacom, and others, including as co-counsel for the New Mexico Attorney General’s Office and as Class Counsel in McDonald v. Kiloo A/S (and two related actions) on behalf of parents concerning the unlawful collection and use of their children’s personal information from mobile games to track and monetize kids. Leading nonprofit advocates described these settlements as “the biggest change to the children’s app market,” impacting Defendants’ “business models” to prevent children from being “targeted with the most insidious and manipulative forms of marketing.”