TikTok states it may collect faceprints and voiceprints generated from your videos and audio content, and will ask for your permission where the law requires it.
This analysis describes what TikTok Ads's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes a framework for extraction and processing of biometric data from content users upload to the platform. The operational significance lies in the authorization to generate and retain these biometric derivatives, with compliance obligations tied to applicable statutory requirements rather than a blanket opt-in requirement.
Interpretive note: The scope of consent obligations depends on the user's state of residence; the policy's conditional language does not specify the mechanism or timing of consent, leaving compliance posture in non-biometric-statute states ambiguous.
The updated policy changed the controlling entity from TikTok USDS Joint Venture LLC to TikTok Pte. Ltd., a Singapore-registered company. The U.S.-specific privacy policy language was replaced with terms covering "other regions." Users previously governed under U.S. privacy protections are now subject to different jurisdictional terms.
View change record →This provision states that biometric identifiers and information, specifically faceprints and voiceprints, may be extracted from content you upload or create on TikTok; whether you are asked for consent before this collection depends on your state of residence and applicable law.
How other platforms handle this
"By clicking 'Next', you are indicating that you have read and agree to the TERMS OF USE AND PRIVACY POLICY"
We automatically collect certain information from your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Service, we collect information about the individual web pages or products th...
Location data. Data about your device's location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device's IP address...
Monitoring
TikTok Ads has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your user content. Where required by law, we will seek any required permissions from you prior to any such collection.— Excerpt from TikTok Ads's TikTok Privacy Policy
1. REGULATORY LANDSCAPE: This provision directly implicates the Illinois Biometric Information Privacy Act (BIPA), which requires written informed consent and a publicly available retention and destruction policy before collecting biometric identifiers or information. It also engages Texas's Capture or Use of Biometric Identifier Act (CUBI) and Washington's biometric privacy provisions. The FTC may also have jurisdiction over unfair or deceptive practices related to biometric data collection. The provision's conditional consent language ('where required by law') creates a tiered compliance posture that varies by state. 2. GOVERNANCE EXPOSURE: High. The provision's reliance on a conditional consent standard rather than a uniform opt-in mechanism creates material exposure in states with biometric privacy statutes, particularly Illinois, where BIPA provides a private right of action and statutory damages ranging from $1,000 to $5,000 per violation. The policy does not specify the form, timing, or delivery mechanism of consent, nor does it describe a publicly available biometric data retention and destruction schedule as BIPA requires. 3. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action and class action history. Texas and Washington also have biometric statutes enforceable by state attorneys general. California's CCPA/CPRA treats biometric data as sensitive personal information requiring opt-in consent for processing. Users in these states have materially different rights than users in states without biometric statutes. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor teams should assess whether downstream service providers who receive biometric data (for example, content moderation or video effects providers) have adequate data processing agreements and biometric-specific compliance obligations. The policy does not disclose which vendors process biometric data, which may complicate vendor assessment and data mapping exercises. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether TikTok's consent mechanism for biometric data collection satisfies BIPA's written informed consent requirement, including disclosure of the specific purpose and duration of retention. A biometric data retention and destruction schedule should be evaluated for public availability. Data maps should identify all processing points at which faceprints or voiceprints are generated, stored, or shared, including with third-party video processing or effects vendors.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes a framework for extraction and processing of biometric data from content users upload to the platform. The operational significance lies in the authorization to generate and retain these biometric derivatives, with compliance obligations tied to applicable statutory requirements rather than a blanket opt-in requirement.
This provision states that biometric identifiers and information, specifically faceprints and voiceprints, may be extracted from content you upload or create on TikTok; whether you are asked for consent before this collection depends on your state of residence and applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TikTok Ads.