Back in January of 2019, the Peterson Institute for International Economics sounded a warning about a seemingly innocuous social media app. TikTok, the think tank suggested, represents a potential national security concern for the US. “TikTok per se may never expand its reach beyond teenagers, but it is only a matter of time before a Chinese app with broader appeal hits the US and EU markets,” reads a commentary from the institute at the time, referencing the fact that TikTok was launched in China. “If widely adopted, such an app could become a Huawei-sized problem in terms of the access to the West potentially afforded to Chinese security services.” This was the pre-Covid posture the Trump administration quickly adopted, turning almost anything connected to China into a political punching bag. Not only did the previous administration rail against companies like Huawei and TikTok for being supposed potential arms of the Chinese state — but the administration also tried to tie them up in either legal or political machinations. Trump himself eventually penned a dubious executive order ostensibly banning TikTok and tried to broker a sale of the company’s US interests to untangle it from even the shadow of China. Trump eventually cleared out of 1600 Pennsylvania Avenue earlier this year, while TikTok is still plugging along.
This brings us to a creepy-sounding update to the company’s privacy policy that made headlines this week. One that’s eyebrow-raising enough that it’s a pretty good bet there’s no way the company would have tried this while TikTok was still one of Trump’s favorite, albeit fleeting, bêtes noires.
As a reminder, the thinking behind Trump’s antagonism toward a company like TikTok is that because its parent company ByteDance was based in China, there was a fear that the company could be co-opted by China’s ruling Communist Party and made to snoop on American users. So Trump spent months using his administration to try to force TikTok to either shut down in the US or disentangle itself from connections to ByteDance.
One can’t help but suspect that the Trump administration would have ramped up its fight against TikTok even more had the service did then what it did this week — tweak its privacy policy to allow TikTok to “collect biometric identifiers and biometric identification” from user content, which includes “faceprints and voiceprints.” The company’s privacy policy now reads: “We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.”
That last sentence is very carefully worded because as things stand now, TikTok could actually collect biometric data from most users in the US and still be within the bounds of the framing above. That’s because most states don’t have laws on the books forbidding companies from collecting this data.
This would surely have provided a pretext for an even bigger fight against the company from the last administration than the fight that actually took place. TikTok hasn’t confirmed publicly whether it’s already started collecting biometric data from users, but the company did agree to pay $92 million back in February to settle a class-action lawsuit in Illinois, which alleged that TikTok was violating the biometric data privacy law in the state. Federal government agencies like the TSA have also banned their employees from using the app.