The policy states that Target collects biometric information, specifically face geometry scans, when consumers use the virtual beauty try-on feature on Target's digital platforms.
This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision requires compliance with state biometric privacy statutes including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington's biometric privacy law, each of which imposes specific written consent, retention schedule, and destruction obligations prior to and following collection of biometric identifiers.
Interpretive note: The policy discloses biometric collection but does not detail the specific consent mechanism, retention schedule, or destruction protocol, making it unclear whether the collection practice as implemented satisfies applicable state biometric statutes.
This provision establishes that consumers who use Target's virtual try-on feature provide biometric face geometry data to Target; the policy discloses this collection but the consent mechanism and retention/destruction commitments applicable to this data category are not fully detailed in the policy text itself.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
window.GLOBAL_SN_OEST.init({ ssrOest: "OUVCMDQyfDE3Nzg1MjI0NDc5OTN8QzJfQTIyRF9GMjU0X0RCRTlfQjMwQkU2OTVCNThC", shouldSetCC: true, useCC:true, i18nKey: "Curve + Plus" }); ... key:updateOest ... fetch(r,{method:"POST",headers:i}).then
Monitoring
Target has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Biometric information, such as a face geometry scan when you use our virtual try-on feature.— Excerpt from Target's Target Privacy Policy
1. REGULATORY LANDSCAPE: This provision directly implicates the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (CUBI, Tex. Bus. & Com. Code Ch. 503), Washington's biometric privacy statute, and potentially CCPA/CPRA's sensitive personal information category covering biometric data used to identify a specific individual. BIPA enforcement is private right of action; Texas and Washington enforcement rests with state attorneys general. CCPA/CPRA enforcement is by the California Privacy Protection Agency and the California Attorney General. 2. GOVERNANCE EXPOSURE: High. BIPA litigation risk is substantial given its private right of action, per-violation statutory damages of $1,000 to $5,000, and broad judicial interpretation of 'collection.' The policy discloses biometric collection but does not detail whether an affirmative written consent mechanism exists prior to collection, whether a publicly available retention schedule and destruction policy exists, or whether data is shared with third parties in a manner that BIPA prohibits without separate consent. 3. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action and class action history. Texas and Washington create regulatory enforcement exposure. California consumers may invoke sensitive personal information rights under CPRA to limit use of biometric data. The provision may be unenforceable without demonstrated prior written consent under BIPA in Illinois. 4. CONTRACT AND VENDOR IMPLICATIONS: If face geometry data is processed by third-party technology vendors providing the augmented reality try-on feature, those vendors require data processing agreements that restrict onward use, require deletion upon termination, and comply with BIPA's prohibition on profiting from biometric data. Procurement teams should verify vendor agreements include BIPA-compliant data handling obligations. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the virtual try-on feature presents an affirmative consent screen prior to face geometry scan initiation; verify that a biometric data retention schedule and destruction policy is publicly available; confirm that no biometric data is disclosed to advertising partners; and assess whether CPRA sensitive personal information limitation opt-out is applied to this data category.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 10 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision requires compliance with state biometric privacy statutes including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington's biometric privacy law, each of which imposes specific written consent, retention schedule, and destruction obligations prior to and following collection of biometric identifiers.
This provision establishes that consumers who use Target's virtual try-on feature provide biometric face geometry data to Target; the policy discloses this collection but the consent mechanism and retention/destruction commitments applicable to this data category are not fully detailed in the policy text itself.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.