The language of the rules was unclear, as it did not clarify whether it referred to federal law, state laws, or both, nor did it explain why exactly this information was being collected or how it might be shared.
To learn more, Sen. Kirsten Sinema (D-AZ) today asked a representative of TikTok for the hearing, his Chief Operating Officer Vanessa Pappasif Americans’ biometric data has ever been accessed by or provided to any person located in China.
She also wanted to know if it was possible for this biometric data to be accessed by anyone in China.
Pappas didn’t directly answer the question with a simple yes or no, but rather went on to clarify how TikTok defines biometrics.
Noting that everyone has their own definition of what “biometrics” means, Pappas argued that TikTok does not use “any kind of facial, voice or sound recognition, or body recognition that would identify an individual.”
She further explained that such data collection is only used for video effects and is stored locally on users’ devices, where it is subsequently deleted.
“…the way we use facial recognition, for example, would be if we apply an effect to the creator’s video – so, you upload a video and you want to put sunglasses or dog ears on your video – that’s when we do facial recognition. All this information is stored only on your device. And as soon as it’s applied — as that filter is applied and published — that data is deleted,” Pappas said. “So we don’t have that data.”
In other words, the TikTok executive says that ByteDance employees in China would have no way to collect this data from US TikTok users in the first place because of the way that process works on a technical level. (TikTok, of course, has hundreds of filters and effects in its app, so analyzing how each one works independently would take technical expertise and time.)
Notably, this is the first time the company has responded to US senators’ inquiries about the app’s use of biometrics since the issue was raised during a hearing in October 2021. was essentially avoided at the time. When Sen. Marcia Blackburn (R-TN) contacted TikTok for more information after that hearing, the issue of facial recognition and voiceprints was not included in the list of questions that TikTok brought back to her office later that year in December.
The biometrics issue didn’t come up either in the letter sent by TikTok to a group of US senators in June 2022 to answer follow-up questions about ByteDance’s Chinese employees’ access to US TikTok user data, after the damning BuzzFeed News report on the matter. Instead, this letter focused more on how TikTok is working to move it US users’ data in the Oracle cloud to further restrict access by employees in China.
A lack of understanding regarding the aspect of TikTok’s use of biometric data raised further concerns in April 2022. when the ACLU pointed out that a new trend on TikTok involves users taking close-ups of their eyes, then using a high-definition filter to show the details, patterns and colors of their irises. At the time of report, over 700,000 videos have been created using the the filter within a month, he said. (Today, TikTok’s app only reports 533,000+ videos.) In an email to TechCrunch, the ACLU also suggested looking into Oracle’s biometric technologygiven its plans to host TikTok user data.
In addition to the biometric data collection questions, TikTok was also asked during today’s hearing whether or not it tracks users’ keystrokes.
This is related to a finding by an independent privacy researcher, released in August, alleging that the TikTok iOS app injected code that could allow it to essentially perform keylogging. Ireland’s Data Protection Commission also requested a meeting with TikTok following the publication of this research.
At the time, TikTok explained that the report was misleading because the app’s code doesn’t do anything malicious, but rather is used for things like debugging, troubleshooting, and performance monitoring. The company also said it used keystroke information to detect unusual patterns to protect against false registration, spam comments and other behavior that could compromise its platform.
At today’s hearing, Pappas reiterated that TikTok never collected the content of the input and that, as far as she knew, it was an “anti-spam measure.”