TikTok states it may collect faceprints and voiceprints from videos and audio you upload or create on the platform, and will ask for your permission where a specific law requires it.
This analysis describes what TikTok's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data is among the most sensitive categories of personal information under US law because it cannot be changed if compromised; the policy's qualifier 'where required by law' means consent may not be sought in all jurisdictions.
Interpretive note: The scope of consent obligations depends on which states' biometric laws apply to a given user; the policy's conditional framing does not specify the mechanism for determining applicable law.
The policy states TikTok may extract faceprints and voiceprints from user-generated content; users in Illinois, Washington, and Texas have specific statutory rights regarding biometric data collection and consent, while users in other states may have fewer protections depending on applicable law.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
TikTok has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your user content. Where required by law, we will seek any required permissions from you prior to any such collection.— Excerpt from TikTok's TikTok Privacy Policy
1) REGULATORY LANDSCAPE: This provision directly engages Illinois BIPA, which requires informed written consent before collecting biometric identifiers and imposes a private right of action with statutory damages. Washington state biometric privacy law and Texas CUBI impose similar notice and consent requirements. The FTC has also addressed biometric data under its unfair or deceptive practices authority. The policy's conditional framing ('where required by law') means the consent trigger is jurisdiction-dependent rather than universal, creating variable compliance obligations across user populations. 2) GOVERNANCE EXPOSURE: High. The collection of faceprints and voiceprints from user content at scale, combined with a jurisdiction-conditional consent standard, creates material exposure under BIPA in particular, which provides for statutory damages of $1,000 to $5,000 per violation without proof of actual harm. The policy does not specify the mechanism by which jurisdiction-specific users are identified and routed to compliant consent flows. 3) JURISDICTION FLAGS: Illinois presents the highest exposure due to BIPA's private right of action and per-violation damages. Washington and Texas biometric laws impose state-level enforcement obligations. California users may have rights under CCPA's sensitive personal information framework. Users outside states with specific biometric statutes may have fewer enforceable protections under current law. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations embedding TikTok tools such as TikTok Pixel on their own platforms should assess whether data flows from those integrations implicate biometric collection on their sites, creating downstream vendor liability. B2B contracts with TikTok for advertising or commerce services should address biometric data handling obligations and liability allocation. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether biometric-specific consent flows are implemented for Illinois, Washington, and Texas user populations; assess whether the 'where required by law' standard satisfies each jurisdiction's specific notice-at-collection requirements; and evaluate whether data retention and destruction schedules for biometric data comply with applicable state law schedules.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data is among the most sensitive categories of personal information under US law because it cannot be changed if compromised; the policy's qualifier 'where required by law' means consent may not be sought in all jurisdictions.
The policy states TikTok may extract faceprints and voiceprints from user-generated content; users in Illinois, Washington, and Texas have specific statutory rights regarding biometric data collection and consent, while users in other states may have fewer protections depending on applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TikTok.