Biometric data is among the most sensitive personal information categories because it is immutable. State laws like Illinois BIPA impose strict requirements and statutory damages for non-compliant biometric data collection, making this provision legally significant regardless of the stated retention limit.
The provision establishes the operational framework for biometric data extraction from user content without requiring separate affirmative consent for each collection instance, conditioned on compliance with applicable legal permission requirements. This creates a systematic data processing capability across the platform's content moderation and recommendation infrastructure.
The provision operationalizes biometric data collection by designating separate privacy notices for different collection methods, establishing that users who access these specific features are subject to distinct data handling procedures for facial geometry versus facial movement capture.
Uber
· Uber Privacy Notice
This provision requires collection and processing of biometric identifiers, which are classified as special category data under GDPR Article 9 and sensitive personal information under CCPA/CPRA, and as biometric identifiers under Illinois BIPA and similar statutes, triggering heightened consent, retention, and security obligations in multiple jurisdictions.
Runway
· Runway Privacy Policy
The clause establishes that biometric data collection occurs only upon user submission for specific product features and defines the scope of permissible use as limited to service delivery. This framing acknowledges that such data may fall under biometric information regulations in certain jurisdictions.
The clause establishes the operational basis for biometric data collection and specifies retention tied to account status rather than a defined time period, meaning data persistence extends as long as the account remains active. This framework enables ongoing avatar regeneration and algorithmic improvement features.
Gemini
· Gemini Privacy Policy
Biometric data is among the most sensitive personal information because it cannot be changed if compromised; its collection and storage creates significant privacy risk and is subject to strict regulation in some states.
The provision establishes that data practices apply across multiple related entities rather than a single legal entity, which affects the scope of data sharing within the corporate group and the entities responsible for data handling obligations.
The collection of biometric data as part of identity verification establishes a data processing mechanism that requires users to provide facial recognition information to access the service. This creates an operational requirement where biometric information becomes part of the service's identity authentication infrastructure.
Biometric data like facial recognition is among the most sensitive categories of personal information because it is unique, immutable, and cannot be changed if compromised; state laws impose strict requirements around its collection, use, and retention.
TikTok
· TikTok Privacy Policy
The clause establishes TikTok's operational authority to extract and process biometric data from content users upload to the platform, subject to applicable legal consent requirements. This defines the scope of biometric processing the service conducts on user-submitted materials.
The provision establishes a framework for extraction and processing of biometric data from content users upload to the platform. The operational significance lies in the authorization to generate and retain these biometric derivatives, with compliance obligations tied to applicable statutory requirements rather than a blanket opt-in requirement.
The provision operationalizes biometric data collection by designating specific features that trigger facial data processing and specifying that separate privacy notices govern the data lifecycle for each feature category. This creates distinct procedural requirements for how Roblox handles facial geometry versus facial movement data.
Hinge
· Hinge Privacy Policy
The provision establishes a dual authorization structure: voluntary participation in verification features in most regions, with mandatory collection in specific jurisdictions. This creates differentiated data processing obligations based on geographic regulatory requirements for biometric information.
Uber
· Uber Privacy Notice
The provision establishes the operational framework for identity verification within Uber's driver and delivery network by authorizing the capture and processing of biometric facial data. This enables Uber to implement real-time identity authentication as a condition of platform participation.
TikTok
· TikTok Privacy Policy
Biometric data is among the most sensitive categories of personal information under US law because it cannot be changed if compromised; the policy's qualifier 'where required by law' means consent may not be sought in all jurisdictions.
Roblox
· Roblox Privacy and Cookie Policy
Biometric data is subject to strict state-level laws in the US (notably Illinois BIPA) that require informed written consent, impose retention and destruction obligations, and provide a private right of action; the policy does not specify which features or jurisdictions are involved.
Target
· Target Privacy Policy
This provision requires compliance with state biometric privacy statutes including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington's biometric privacy law, each of which imposes specific written consent, retention schedule, and destruction obligations prior to and following collection of biometric identifiers.
Biometric data is unique and permanent; unlike a password, it cannot be changed if compromised, making its collection and storage a significant privacy risk.
The provision establishes the operational framework for biometric data collection across Walmart's service ecosystem. By conditioning collection on legal consent requirements rather than blanket authorization, the clause creates jurisdiction-dependent obligations for notice and consent procedures.
The provision establishes a data collection practice for biometric information, a category subject to heightened regulatory requirements under various state and federal privacy statutes. The explicit reference to legal compliance requirements indicates the company has identified statutory obligations governing this processing activity.
The provision documents the operational scope of identity verification procedures by explicitly including biometric modalities alongside standard verification methods. This clarifies what categories of personal information the service processes during account access and security authentication.
Biometric data collection is subject to strict consent, retention, and destruction requirements under state laws including Illinois BIPA, and the policy's disclosure of this practice requires consumers in covered jurisdictions to be aware of their rights to consent or object.
Uber
· Uber Privacy Notice
The collection and processing of biometric data serves as a mechanism for identity authentication and fraud detection within Uber's driver and delivery operations. This establishes the institutional basis for biometric data handling in the context of platform participant verification.
Uber
· Uber Privacy Notice
The clause establishes Uber's operational authority to deploy facial recognition and biometric matching as a condition of driver participation and continued platform access. This practice affects the technical infrastructure required for driver onboarding and ongoing verification across jurisdictions with varying regulatory frameworks.
Uber
· Uber Privacy Notice
This provision establishes the operational basis for Uber's collection and processing of biometric identifiers as part of its identity verification and fraud prevention procedures. The authorization permits the company to use facial recognition technology as a mechanism for confirming account holder identity during authentication workflows.
Uber
· Uber Privacy Notice
The clause establishes a verification mechanism designed to prevent unauthorized account access and impersonation. This operational requirement affects how drivers and delivery workers authenticate themselves before each service session.
Biometric data is among the most sensitive categories of personal information because it is permanent and uniquely identifies individuals; unauthorized collection or misuse can cause irreversible harm.
This clause establishes the legal basis for Walmart's collection and processing of biometric data as part of its in-store operations infrastructure. The authorization covers a category of personal information subject to regulatory requirements in certain jurisdictions and establishes the operational scope of biometric collection activities.
Uber
· Uber Privacy Notice
This provision establishes Uber's operational use of biometric data as a driver verification mechanism. The real-time identity checks create an ongoing authentication requirement integrated into trip operations.