What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.walmart.com/privacy', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'Submit a data deletion request at https://www.walmart.com/privacy specifying that you are requesting deletion of biometric information collected about you. California and Illinois residents have specific statutory rights to deletion of biometric and sensitive personal information.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'Illinois AG and Texas AG have enforcement authority over BIPA and CUBI respectively for biometric data collection without adequate consent or retention policies.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Biometric Identifier Collection clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Biometric Identifier Collection clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Biometric Identifier Collection — Walmart

Share 𝕏 Share in Share 🔒 PDF

What it is

Walmart may collect biometric data such as facial recognition information from in-store camera systems or other services, and claims to obtain consent where legally required.

Consumer impact (what this means for users)

Shoppers in Walmart stores may have their facial geometry captured by in-store camera systems, and this biometric data is subject to a distinct and heightened legal protection regime under Illinois BIPA and Texas CUBI that provides consumers with private rights of action and statutory damages.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Submit a data deletion request at https://www.walmart.com/privacy specifying that you are requesting deletion of biometric information collected about you. California and Illinois residents have specific statutory rights to deletion of biometric and sensitive personal information.

Cross-platform context

See how other platforms handle Biometric Identifier Collection and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Biometric data is among the most sensitive categories of personal information — it is permanent and cannot be changed if compromised — and collection of facial geometry in retail environments has generated some of the largest privacy class action settlements in U.S. history.

View original clause language

We may collect biometric information, such as facial geometry, voice prints, or other biometric identifiers, in connection with certain services, security systems, or in-store experiences. Where required by law, we will obtain your consent prior to collecting biometric information and will provide notice of our collection, use, and retention of such information.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/1 et seq.) requires informed written consent prior to biometric data collection, a publicly available retention and destruction policy, and prohibits sale or profit from biometric identifiers; enforced through a private right of action ($1,000 per negligent violation, $5,000 per intentional/reckless violation). Texas Capture or Use of Biometric Identifier Act (CUBI, Tex. Bus. & Com. Code §503.001) requires notice and consent; enforced by Texas AG with civil penalties up to $25,000 per violation. Washington Biometric Privacy Law (SB 1134) requires consent for commercial purposes. CCPA/CPRA classifies biometric data as sensitive personal information requiring opt-in consent for certain uses (Cal. Civ. Code §1798.121). (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

Illinois AG and Texas AG have enforcement authority over BIPA and CUBI respectively for biometric data collection without adequate consent or retention policies.
File a complaint →

Provision details

Document information

Document

Walmart Privacy Notice

Entity

Walmart

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-002993

Document ID

CA-D-00258

Evidence Provenance

Source URL

https://corporate.walmart.com/privacy-security/walmart-privacy-notice

Wayback Machine

View archived versions →

SHA-256

a9ee3ba6f2187e683c4d4b255cd07aee0927a05d027accfcfac4dbe289054722

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Walmart | Document: Walmart Privacy Notice | Record: CA-P-002993
Captured: 2026-04-18 11:34:25 UTC | SHA-256: a9ee3ba6f2187e68…
URL: https://conductatlas.com/platform/walmart/walmart-privacy-notice/biometric-identifier-collection/
Accessed: May 2, 2026

Classification

Severity

High

Biometric Identifier Collection