The well-known security solutions company Panda Security has issued a warning about the potential risks of sharing sensitive information with TikTok . Recently, the social network, owned by the Chinese firm ByteDance, updated its privacy policies in order to collect biometric data from users.
Unlike other applications, which notify changes to their privacy policies through pop-up windows, TikTok has made a silent update. In other words, they have come into force in an almost invisible way for users, although it has not gone unnoticed by various technological means.
TikTok's new privacy policy adds a new section called “Image and Audio Information.” This establishes that the application can collect biometric data such as “characteristics and attributes of the face and body , the audio and the text of the words spoken by the user in its content”.
TikTok, biometrics and possible dangers
Photo by Solen Feyissa on Unsplash Panda Security says that these privacy policy changes will allow TikTok to “automatically collect new types of biometric data.” From ByteDance they point out that the information collected will not be used in personal identification operations . Instead, they will be used to “enable special video effects, content moderation, demographic ranking, and ad recommendations.”
However, these promises do not leave the security firm alone. Panda highlights that TikTok has already been at the center of controversy for not being respectful of privacy . Precisely, at the beginning of 2020, ByteDance had to pay 92 million dollars to blow up the Privacy Law of Illinois, United States.
The Chinese social network was charged with illegally collecting personal information from users under the age of 13 , including their names, locations and email addresses. All this, according to the authorities, “without seeking parental consent.” Consequently, TikTok promised to improve its privacy practices.
However, the risks do not end there. The possibility that ByteDance may not properly handle the collected biometric data is also pointed out. While information should be protected, Internet giants have made exorbitant mistakes that have put users at risk. Facebook, for example, stored “by mistake” more than 200 million passwords in plain text, that is, without any protection and within the reach of its employees for years.
ByteDance may not be impervious to a potential data leak. Likewise, there is also the possibility, as Panda points out, that China will force the company to share the biometric information of users with the Government .