TikTok states it may collect faceprints and voiceprints generated from your videos and audio content, and will ask for your permission where the law requires it.
This analysis describes what TikTok Ads's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes collection of biometric identifiers, including faceprints and voiceprints, which are among the most sensitive categories of personal data under US state law; the conditional consent language ('where required by law') means collection may proceed without explicit consent in states that do not mandate it.
Interpretive note: The scope of consent obligations depends on the user's state of residence; the policy's conditional language does not specify the mechanism or timing of consent, leaving compliance posture in non-biometric-statute states ambiguous.
The updated policy states that TikTok Pte. Ltd., a Singapore-registered entity, now provides and controls the Platform, replacing the previous U.S.-based operator. The policy removes its prior explic…
This provision states that biometric identifiers and information, specifically faceprints and voiceprints, may be extracted from content you upload or create on TikTok; whether you are asked for consent before this collection depends on your state of residence and applicable law.
How other platforms handle this
User content, such as prompts, photos, images, music, videos, audio, screen sharing, comments, questions, messages, works of authorship, and other content or information that you, or third parties acting on your behalf, input, generate, transmit, upload, or submit to us as part of a contest or live ...
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
Monitoring
TikTok Ads has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your user content. Where required by law, we will seek any required permissions from you prior to any such collection.— Excerpt from TikTok Ads's TikTok Privacy Policy
1. REGULATORY LANDSCAPE: This provision directly implicates the Illinois Biometric Information Privacy Act (BIPA), which requires written informed consent and a publicly available retention and destruction policy before collecting biometric identifiers or information. It also engages Texas's Capture or Use of Biometric Identifier Act (CUBI) and Washington's biometric privacy provisions. The FTC may also have jurisdiction over unfair or deceptive practices related to biometric data collection. The provision's conditional consent language ('where required by law') creates a tiered compliance posture that varies by state. 2. GOVERNANCE EXPOSURE: High. The provision's reliance on a conditional consent standard rather than a uniform opt-in mechanism creates material exposure in states with biometric privacy statutes, particularly Illinois, where BIPA provides a private right of action and statutory damages ranging from $1,000 to $5,000 per violation. The policy does not specify the form, timing, or delivery mechanism of consent, nor does it describe a publicly available biometric data retention and destruction schedule as BIPA requires. 3. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action and class action history. Texas and Washington also have biometric statutes enforceable by state attorneys general. California's CCPA/CPRA treats biometric data as sensitive personal information requiring opt-in consent for processing. Users in these states have materially different rights than users in states without biometric statutes. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor teams should assess whether downstream service providers who receive biometric data (for example, content moderation or video effects providers) have adequate data processing agreements and biometric-specific compliance obligations. The policy does not disclose which vendors process biometric data, which may complicate vendor assessment and data mapping exercises. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether TikTok's consent mechanism for biometric data collection satisfies BIPA's written informed consent requirement, including disclosure of the specific purpose and duration of retention. A biometric data retention and destruction schedule should be evaluated for public availability. Data maps should identify all processing points at which faceprints or voiceprints are generated, stored, or shared, including with third-party video processing or effects vendors.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes collection of biometric identifiers, including faceprints and voiceprints, which are among the most sensitive categories of personal data under US state law; the conditional consent language ('where required by law') means collection may proceed without explicit consent in states that do not mandate it.
This provision states that biometric identifiers and information, specifically faceprints and voiceprints, may be extracted from content you upload or create on TikTok; whether you are asked for consent before this collection depends on your state of residence and applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TikTok Ads.