Target may collect biometric data, such as facial geometry, when you use features like virtual try-on. In some states, Target must notify you and get your consent before collecting this data.
This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes Target's data collection practices for biometric identifiers and creates a compliance framework that varies by jurisdiction. The clause distinguishes between general collection authority and state-specific consent requirements, reflecting differing legal obligations across jurisdictions with biometric privacy statutes.
Interpretive note: The policy references 'certain states' without enumerating them, creating ambiguity about which state-specific consent flows are actually implemented and whether they satisfy BIPA's specific written release requirement.
If you use virtual try-on or similar features, Target may collect your facial geometry, a form of biometric data that is protected by strict state laws in Illinois, Texas, and Washington. Using these features without reviewing applicable state disclosures could mean consenting to biometric data collection with limited ability to retract that consent after the fact.
How other platforms handle this
We may use third-party vendors for identity verification. These vendors analyze whether the Client's "selfie" matches the government-issued identity document. The information collected from Client photographs may constitute biometric information in some jurisdictions. Where required by law, we will ...
Your use of the Services is also governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Services, you consent to the data collection and use practices described in the Privacy Policy. Roblox collects information you provide directly, information collected a...
We collect information about you in a variety of ways depending on how you interact with us and our products and services. This includes information you provide directly, information we collect automatically when you use our services, and information we receive from third parties. We may collect ide...
Monitoring
Target has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Biometric information: We may collect biometric information such as your face geometry when you use certain features on our website or app (e.g., virtual try-on features). In certain states, we are required to provide you with additional notice and obtain your consent prior to collecting your biometric information.— Excerpt from Target's Target Privacy Policy
1. REGULATORY LANDSCAPE: This provision directly implicates the Illinois Biometric Information Privacy Act (BIPA), which requires written notice, a written release, and a publicly available retention schedule prior to collecting biometric identifiers or biometric information; enforcement is through a private right of action. Texas Business and Commerce Code Chapter 503 and the Washington My Health MY Data Act also impose biometric data obligations. The California Consumer Privacy Act (CPRA) classifies biometric data as sensitive personal information requiring opt-in or enhanced disclosure in some contexts. The FTC has increasingly scrutinized biometric data practices under Section 5 of the FTC Act. 2. GOVERNANCE EXPOSURE: High. BIPA carries statutory damages of $1,000 to $5,000 per violation and has generated significant class action litigation against retail companies using facial recognition and virtual try-on technologies. The policy's statement that consent and notice are required in 'certain states' without specifying those states or the nature of the notice may be insufficient to satisfy BIPA's written release requirement. 3. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action and per-violation damages. Texas and Washington impose regulatory enforcement obligations. California classifies biometric data as sensitive personal information under CPRA, triggering heightened opt-in or opt-out rights depending on the use case. This provision may be unenforceable as written in Illinois if the required written release has not been separately obtained. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should assess whether virtual try-on technology vendors process or store biometric data on Target's behalf, and whether applicable data processing agreements address BIPA-compliant retention and destruction schedules. Any vendor receiving biometric data should be subject to contractual obligations at least as protective as those Target assumes toward consumers under state law. 5. COMPLIANCE CONSIDERATIONS: The compliance team should confirm that state-specific biometric consent flows are implemented before biometric data is collected, not just disclosed post-collection. A retention and destruction schedule for biometric data should be publicly available as required by BIPA. Legal counsel should evaluate whether the policy's general reference to 'certain states' satisfies the specificity required under applicable biometric privacy statutes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes Target's data collection practices for biometric identifiers and creates a compliance framework that varies by jurisdiction. The clause distinguishes between general collection authority and state-specific consent requirements, reflecting differing legal obligations across jurisdictions with biometric privacy statutes.
If you use virtual try-on or similar features, Target may collect your facial geometry, a form of biometric data that is protected by strict state laws in Illinois, Texas, and Washington. Using these features without reviewing applicable state disclosures could mean consenting to biometric data collection with limited ability to retract that consent after the fact.
ConductAtlas has identified this type of provision across 18 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.