Questions surrounding data privacy and what happens to our personal data when companies collect it have risen to the forefront of public discussion more in recent years than ever before. As the data that companies collect grows more and more personal, where the data is stored and how it is used has become an increasingly important question. This is especially true for companies that collect and store biometric data – that is, data that measures biological features, such as fingerprints and facial features.
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.”
Regulators worry that users do not realize the full extent of the rights that they are granting FacApp, or where FaceApp is storing the data. FaceApp stores user information on the cloud, so deleting the app does not delete user data. The ability to sell such sensitive biometric data as that involved in facial scans, is frightening for many consumers. Particularly when the company in question is a Russian company, who has been accused of racism in the past. Given the current political climate, a Russian company that keeps and sells users biometric data scares many American consumers and law makers.
* Jason Zaccaro is an Associate Editor on the Michigan Technology Law Review.