Privacy Tips

Biometric Data: Apps, Social Media, the Government, and What it Means for You

October 28, 2022
·
6 min

In 2015, the state of Illinois sued Facebook (now Meta) for the illegal collection and storage of users’ biometric data. The state won, finding that the social media giant failed to gain direct consent from consumers to use their data as an online facial recognition tool.

Illinois has been one of the most aggressive states regarding the preservation of its population’s privacy. In 2008, it enacted the Biometric Information Privacy Act (BIPA), which requires any entity collecting biometric data to share details on how and why the data would be used, and to gain express consent before collecting and recording this data.

Unfortunately, the line can be blurred when it comes to social media and apps due to the nationally accessible nature of the platforms. In this case, Illinois stood by BIPA and was able to secure some compensation for people impacted within the state. However, this is an exception to the rule.

So, if you’ve participated in the latest makeup selfie trend or used one of those face aging apps, you may have inadvertently shared your biometric data with companies and individuals.

This is a growing issue.

Recently, there has been a growing awareness of the collection of biometric data and what this can mean for individuals. You may have heard of the company “ID.me” which was briefly used by the IRS to collect biometric data as a way to verify taxpayers’ identities.

This garnered massive amounts of pushback from the public and political figures that ultimately resulted in the IRS dropping ID.me shortly after implementing it. Not only was ID.me a potential privacy risk, it also showcased one of the biggest issues with biometric identification: racial discrimination.

Biometric algorithms have been exposed as potentially inaccurate when scanning people with darker skin, particularly black women between the ages 18 and 30. Because of this, there have been several false arrests, prompting the discontinuation of the use of biometric data in law enforcement.

However, as of 2016, it was proven that law enforcement agencies and homeland security had and have access to the biometric data of more than half of all Americans collected without their consent. Regardless of how they use it, knowing that any agency can collect and create a database of your personal features is triggering.

As of 2022, we’ve seen some legal progress in the fight to regulate biometric data. But passing regulatory legislation is a slow process, especially when it must be decided on a state-by-state basis.

Hopefully, the public awareness will result in expedited processes.

Social media “challenges” are making it worse.

Most recently, we’ve seen the viral “eyemakeup” challenge that encourages people to apply eye makeup using certain parameters, and then to upload the images to social media.

While this isn’t a face altering app, it does give just about anyone a close up of your iris, which is sometimes accurate enough to act as a biometric signature. Criminals can harness some of these images and use them to access your personal information, assets, or anything else that relies on an iris scan.

This may not be super common, but it gives a window into the darker side of social media challenges when they’re exploited by bad actors.

You may remember the popular trend of uploading your face into an app that could then alter it to look old. Or still popular apps that are used to add full face makeup to unadorned images.

These are both apps feeding into social media that may be or have been collecting biometric data. Whether this is to store it for later use in-app, or to sell to data brokers, this still isn’t an acceptable practice.

Before using any filter apps, make sure you read through their privacy policies and have a good understanding of exactly what happens after you upload a picture. And keep in mind that once something is shared publicly on social media, it can be collected and added to a larger database without your consent.

Here’s what you can do about it.

First, be fully aware of how and when your biometric data is being collected. While there are some safe uses, there are also times when it’s wholly unnecessary for an organization to store this type of data.

Check out privacy policies and ask questions. It shouldn’t take a lot of work to get this info, unless a company really doesn’t want you to see it. Look for contact information on the site or the app, and don’t be afraid to reach out and ask for a full explanation of whether they collect, use, store, or sell biometric data. If they don’t answer you, don’t use the software.

Know your rights. Every state can have a slightly different approach to protecting consumer privacy. Take a few minutes to look up your state’s legislation and regulations on the collection and use of biometric data. This lets you know what red flags to look for and what actions you can take if organizations fail to operate within the bounds of the law.

Abstain from uploading biometric information on any social platforms, apps, or websites. While this may seem like a big ask, it’s really the safest way to protect your info.

Stay Up to Date with Cloaked!

Want more great privacy tips, industry news, and tech insights? Follow us on LinkedIn, Twitter, and Instagram, and make sure to request early access to Cloaked!

View all