If you enable the facial recognition feature on Eufy security cameras, the cameras will process biometric facial data of people who appear in footage, including visitors and household members who may not have agreed to this.
This analysis describes what Eufy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric facial data is among the most sensitive personal data categories because it is unique and permanent; unlike a password, you cannot change your face. Collection of this data from home security devices implicates strict state laws and requires explicit informed consent.
Interpretive note: The precise scope of biometric data collection, including whether it applies only to enrolled individuals or all persons captured in footage, is not fully detailed in the available policy text.
Enabling face recognition on Eufy cameras means the system processes biometric facial geometry data of anyone captured on video, including guests and household members who may not be aware of or have consented to this processing.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Eufy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect biometric data such as face recognition features when you enable the face recognition feature on your eufy Security devices. This information is used to help you recognize people who appear in the footage captured by your eufy Security devices.— Excerpt from Eufy's Eufy Privacy Policy
REGULATORY LANDSCAPE: Biometric data collection implicates Illinois BIPA (requiring written consent and a publicly available retention policy before collecting biometric identifiers), Texas CUBI, Washington My Health DATA Act equivalents, and GDPR Article 9 (which classifies biometric data used for identification as a special category requiring explicit consent). The FTC has enforcement authority over deceptive data practices at the federal level. The policy's assertion that collection occurs upon user enabling the feature may be insufficient to satisfy BIPA's written consent requirement for third parties captured in footage. GOVERNANCE EXPOSURE: High. The processing of biometric data from residential cameras creates direct exposure under BIPA, which provides a private right of action with statutory damages of $1,000 to $5,000 per violation. The fact that cameras capture individuals other than the account holder who have not consented to biometric processing is a well-litigated BIPA exposure scenario. GDPR Article 9 requires explicit consent for biometric processing, and the policy's reliance on user account setup as the consent mechanism may not satisfy this standard for third parties. JURISDICTION FLAGS: Illinois (BIPA), Texas (CUBI), Washington, and EU/EEA jurisdictions create the highest exposure. In Illinois, individuals photographed or recorded without proper biometric consent notice have a private right of action. In EU/EEA, supervisory authorities can impose administrative fines for unlawful processing of special category data. Enforcement risk is elevated where cameras are installed in locations capturing public or semi-public spaces. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Eufy cameras in commercial or shared residential settings should assess whether the biometric data processing terms in this policy are adequate for B2B use, and whether downstream liability for capturing employee or visitor biometrics is addressed in procurement contracts. The policy does not appear to address whether Eufy acts as a processor or joint controller for biometric data, which creates ambiguity in liability allocation. COMPLIANCE CONSIDERATIONS: Legal teams should verify whether the facial recognition feature is enabled by default or opt-in, audit whether current consent mechanisms meet BIPA's written consent standard, and assess whether a biometric data retention and destruction schedule has been published as required by BIPA. GDPR data protection impact assessments (DPIAs) may be required for biometric processing at scale.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric facial data is among the most sensitive personal data categories because it is unique and permanent; unlike a password, you cannot change your face. Collection of this data from home security devices implicates strict state laws and requires explicit informed consent.
Enabling face recognition on Eufy cameras means the system processes biometric facial geometry data of anyone captured on video, including guests and household members who may not be aware of or have consented to this processing.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Eufy.