After Instagram and TikTok, X (ex-Twitter) has announced that it will collect biometric data from certain users by the end of September. Why this change in the rules? Is the collection of this type of very sensitive data becoming the new normal for platforms and social networks?
Iris or face scan, fingerprint verification… Will people soon have to agree to give their biometric data to access social networks or other platforms? The question arises when reading the future terms and conditions of use of X, formerly Twitter. As of September 29, X explains in an update to its terms and conditions that “ based on your consent, we may collect and use your biometric information Has safety, security and identification purposes “.
After Meta and TikTok, which offer in different countries to collect this type of data, or which verify the identity of users in this way, X joins the club of companies which will collect biometric data. If Elon Musk’s platform did not give a definition of these data particular in its general conditions or on its blog, it nevertheless clarified certain points to our colleagues from Bloomberg and some BBC. According to these exchanges, not all users are targeted: only people who subscribe to the paying service X Premium (ex-Twitter Blue) are concerned by this future collection of biometric data.
A possibility and not an obligation
The social network pointed out that they could opt for more security, via this additional layer of verification: “ X will offer the option to provide their official ID card, combined with a selfie “, he was clarified to our colleagues. This biometric information would include “ data relating to a person’s physical attributes, such as a face scan or fingerprint “. The collection of this data would be subject to the consent of the user in question.
It would therefore bea possibility and not an obligation – an important point in the European Union. The European regulation on personal data (RGPD) in fact conditions biometric recognition to consent “ enlightened “. Users should be able to opt out of the collection of this type of data – which appears to be the case, according to these terms and conditions.
Why this addition of data? If the company bought by Elon Musk in October 2022 highlights the ” fight against identity theft attempts and security, a potential legal action could explain this change. Last July, a class action proposes to target, in the United States, the parent company of X. And it is precisely the collection of data that would violate a local law, that of the State of Illinois on the confidentiality of biometric information. According to the appeal, X “ did not adequately inform individuals » the collection or storage of biometric identifiers of users, which would be contained in each photograph. Each image that ends up on the social network would be scanned in order to identify, among other things, potentially pornographic content. It is during this scan that this data would be collected. The modification of the general conditions would therefore aim to respond to this possible legal action.
Biometric verification devices, the trend of the moment?
Another hypothesis: X would only follow the current trend, which is to set up biometric verification devices to reinforce security on the platforms. Instagram has already introduced a selfie-based system to verify the age of users in the UK. TikTok already collects biometric data in the United States. Its privacy policy states, for example, that the platform can, since 2021, “ collect biometric identifiers and biometric information as defined by US laws, such as face and voice scans “.
X may also have made this change to the rules of use, because it plans to implement a passkey system, according to application developer Steve Moser. This authentication method allows you to connect to your accounts in complete security, without having to enter a password.
Read also: Thanks to “passkeys”, Google signs the “beginning of the end of passwords”
“A dangerous precedent” for this expert
The collection as well as the holding of such data by private companies is not without worrying certain experts. While using this type of data for authentication purposes can provide a more secure and convenient login for users, it also poses privacy risks. Because while credit card numbers can be changed if hacked, a person’s biometric information cannot. How to ensure the security of this data, which is particularly sensitive?
For Jacopo Pantaleoni, former engineer and researcher at Nvidia interviewed by Fortune, the question goes beyond the issues of identity theft. ” X’s plan to collect biometric data (…) sets a dangerous precedent “, he is alarmed. ” The danger is twofold. If the use of this type of biometric identification becomes widespread, the result could be a system in which it becomes virtually impossible to remain anonymous on the Net, further eroding the very notion of online privacy. “, he adds to our colleagues. However, the use of these biometric data ” will invariably lead to the development of even finer and more precise methods of targeted advertising and tailored information distribution “, he believes.
The updated Terms of Service includes two other changes. X would first prepare to collect information relating to the professional background of users. This is not necessarily surprising: Elon Musk, boss of the platform since October 2022, has repeated several times that he wants Twitter to become a super-App like the Chinese platform WeChat, with a section dedicated to recruitment. . As a result, it is written in black on white that the information relating to ” your work experience, academic background and job search history could be taken. This data would then be shared with employers. The job search function is already available in beta in the United States, but no launch date is yet planned in Europe.
Last element updated in the new privacy policy: the fact that information normally collected for the purpose of targeted advertising, could be used to ” train machine learning or artificial intelligence models (of X) (…) “, said the platform.
If you are an X user, there is an easy way to find out what data X has access to. Go to the application settings (“Settings”), then to ” Privacy and Security »: you will then see all the information collected by the social network, which you can uncheck one by one.
Read also: Smart cameras during the Paris Olympics: “People will be used as guinea pigs”, deplores La Quadrature du Net
Twitter privacy policy