How Illinois’ Unique Biometric Data Laws Puts TikTok in Hot Water

By: Beth Fegan


In the onslaught of stories making headlines in 2020, TikTok has emerged as a contender for the most polarizing app in the digital age. If you don’t have TikTok on your smartphone (or monitor it on your kids’ phones), then it’s likely you may have heard about the video-based app in countless news stories. Recently, President Trump has even voiced his desire to ban the app from the market entirely.

The President’s reasoning for the ban focuses on fears about the relationship of data sharing between TikTok’s parent company, ByteDance, and the Chinese government. One government brief called the app a “mouthpiece for the CCP,” alleging that the app uses American user data to promote the Chinese Communist Party’s agenda.

Though there is much dissent and confusion around the President’s decision, the protection of user data is becoming an increasing concern for users of all digital apps and interfaces. In fact, trending documentaries like The Social Dilemma demonstrate that more and more Americans are becoming cognizant of technology’s influence – and intrusion – into our lives.


User Privacy in America: Illinois’ Sole Position in the Privacy Field

With an increased awareness of possible injustices surrounding data privacy, more people are looking to the law for answers. Though there is not a widespread federal policy applicable to apps, many states do have laws surrounding data privacy – with varying degrees of rigidity. Essentially, this means that in lieu of full-scope federal laws, the United States is home to a patchwork of hundreds of data privacy laws across states and localities. Within that patchwork, there are just eight states with biometric statutes or expanded privacy laws that include biometric identifiers: Washington, Oregon, California, New York, Arkansas, Texas, Louisiana and Illinois.

Biometric data – or data used to digitally identify a person, including face scans, fingerprints, retinal scans, hand shape, or voice recognition – is still an emerging sector of data privacy litigation. Illinois is a leader in the biometric data privacy field, as the only state that addresses the private right of action under the Biometric Information Privacy Act (BIPA). Illinois was also the first state to adopt biometric privacy laws back in 2008.

Private right of action is unique in that a person doesn’t need to prove harm to sue under BIPA. The harm in collecting your unique biological identifiers is presumed – a company need only have violated the Act by improperly using or storing data to merit legal action, a precedent most recently upheld by the 2019 decision from the Illinois Supreme Court, Rosenbach v. Six Flags Entertainment.


TikTok and the Ongoing Questions of Data Privacy

Importantly, BIPA can be applied to companies headquartered throughout the United States if information was collected from Illinois residents. Under the Act, companies and organizations are required to disclose or obtain consent for the collection, use or storage of user data, why it is collecting the data, who has access, or how long it will be retained. As we closely monitored the trends and discussions around data privacy, the question of data privacy on TikTok was of special interest to our team at FeganScott, considering that we’ve worked with BIPA for many years.

Since questions continue to swirl about TikTok’s use of data, we began an investigation into how TikTok may have violated user privacy, especially for the nearly 12.8 million citizens of Illinois who are protected under BIPA.

In June 2020, FeganScott filed a class action lawsuit on behalf of consumers against TikTok, and its parent company, ByteDance, Inc. Our suit claims that the app surreptitiously collects, uses, and stores users’ facial geometry, which is private, legally protected biometric information.

In addition to the personal information that users knowingly and unknowingly provide to TikTok, the company also collects information about the user from third parties, such as Facebook and advertising companies, as well as information provided by other TikTok users, the suit alleges.

Further, the suit notes that the FTC found that TikTok was “directed to children” based upon the app’s “subject matter, visual content, music, and the presence of child celebrities or celebrities who appeal to kids,” and that the company had “actual knowledge” that it was collecting personal information from children.

The suit seeks to represent all consumers who have downloaded the TikTok app and are concerned about the use and storage of their biometric data.

As we look to the future of data privacy and protections, we know that the law will only continue to evolve, and at FeganScott, we’re prepared to advocate for consumers every step of the way. Whether we’re facing TikTok or a new app only just being designed, you can count on our team to use a nuanced and fearless approach to protect your privacy and take on large companies.


If you are an Illinois resident who uses TikTok or are concerned about the collection of your biometric information from another company, please call us at 630.273.2625 or complete our online form and we will get back to you as soon as possible for a free, no obligation consultation with our firm.