Target · Target Privacy Policy · View original document ↗

Biometric Data Collection

High severity Medium confidence Explicitdocumentlanguage Uncommon · 21 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Target recorded 66 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Target Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Target may collect biometric data, such as facial geometry, when you use features like virtual try-on. In some states, Target must notify you and get your consent before collecting this data.

This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Biometric data is among the most sensitive categories of personal information. Unlike a password, it cannot be changed if compromised, and several states impose strict legal requirements on its collection, use, and storage.

Interpretive note: The policy references 'certain states' without enumerating them, creating ambiguity about which state-specific consent flows are actually implemented and whether they satisfy BIPA's specific written release requirement.

Clause Stability Stable

0
Changes
3
Months Monitored
May 10, 2026
First Seen
May 20, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

If you use virtual try-on or similar features, Target may collect your facial geometry, a form of biometric data that is protected by strict state laws in Illinois, Texas, and Washington. Using these features without reviewing applicable state disclosures could mean consenting to biometric data collection with limited ability to retract that consent after the fact.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit Target's privacy policy page and locate the data request portal. Submit a deletion request specifically referencing your biometric data if you have used virtual try-on features.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

eBay Medium

We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.

See all platforms with this clause type →

Monitoring

Target has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Biometric information: We may collect biometric information such as your face geometry when you use certain features on our website or app (e.g., virtual try-on features). In certain states, we are required to provide you with additional notice and obtain your consent prior to collecting your biometric information.

— Excerpt from Target's Target Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1. REGULATORY LANDSCAPE: This provision directly implicates the Illinois Biometric Information Privacy Act (BIPA), which requires written notice, a written release, and a publicly available retention schedule prior to collecting biometric identifiers or biometric information; enforcement is through a private right of action. Texas Business and Commerce Code Chapter 503 and the Washington My Health MY Data Act also impose biometric data obligations. The California Consumer Privacy Act (CPRA) classifies biometric data as sensitive personal information requiring opt-in or enhanced disclosure in some contexts. The FTC has increasingly scrutinized biometric data practices under Section 5 of the FTC Act. 2. GOVERNANCE EXPOSURE: High. BIPA carries statutory damages of $1,000 to $5,000 per violation and has generated significant class action litigation against retail companies using facial recognition and virtual try-on technologies. The policy's statement that consent and notice are required in 'certain states' without specifying those states or the nature of the notice may be insufficient to satisfy BIPA's written release requirement. 3. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action and per-violation damages. Texas and Washington impose regulatory enforcement obligations. California classifies biometric data as sensitive personal information under CPRA, triggering heightened opt-in or opt-out rights depending on the use case. This provision may be unenforceable as written in Illinois if the required written release has not been separately obtained. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should assess whether virtual try-on technology vendors process or store biometric data on Target's behalf, and whether applicable data processing agreements address BIPA-compliant retention and destruction schedules. Any vendor receiving biometric data should be subject to contractual obligations at least as protective as those Target assumes toward consumers under state law. 5. COMPLIANCE CONSIDERATIONS: The compliance team should confirm that state-specific biometric consent flows are implemented before biometric data is collected, not just disclosed post-collection. A retention and destruction schedule for biometric data should be publicly available as required by BIPA. Legal counsel should evaluate whether the policy's general reference to 'certain states' satisfies the specificity required under applicable biometric privacy statutes.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive data practices under Section 5 of the FTC Act, including biometric data collection and handling practices
    File a complaint →
  • State AG
    State attorneys general in Illinois, Texas, and Washington have enforcement authority over biometric privacy statutes applicable to this provision
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
TCPA
United States Federal
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Target Privacy Policy
Entity
Target
Document last updated
May 5, 2026
Tracking information
First tracked
May 10, 2026
Last verified
May 10, 2026
Record ID
CA-P-008953
Document ID
CA-D-00260
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
2ada96ab96828e67aca9fbda0574b799477f7b5740302a307f04ec582983a272
Analysis generated
May 10, 2026 13:05 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Target
Document: Target Privacy Policy
Record ID: CA-P-008953
Captured: 2026-05-10 13:05:34 UTC
SHA-256: 2ada96ab96828e67…
URL: https://conductatlas.com/platform/target/target-privacy-policy/biometric-data-collection/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Target's Biometric Data Collection clause do?

Biometric data is among the most sensitive categories of personal information. Unlike a password, it cannot be changed if compromised, and several states impose strict legal requirements on its collection, use, and storage.

How does this clause affect you?

If you use virtual try-on or similar features, Target may collect your facial geometry, a form of biometric data that is protected by strict state laws in Illinois, Texas, and Washington. Using these features without reviewing applicable state disclosures could mean consenting to biometric data collection with limited ability to retract that consent after the fact.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 21 platforms. See the full comparison.

Is ConductAtlas affiliated with Target?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.