Privacy Commissioner Liboro on FaceApp: Do Not Be Afraid Of New Technologies

Notable improvements in the application’s privacy policy

The National Privacy Commission (NPC) has conducted an assessment of FaceApp, a mobile application that trended again on social media in the past week because of privacy concerns over its face-altering capability.

Users have been uploading their selfies on FaceApp for entertainment purposes. Through facial recognition technology, the app modifies photos according to certain presets or filters, such as gender swapping and age manipulation.

Upon assessment, the NPC found significant differences between the 2019 and 2020 versions of FaceApp’s privacy policies. The NPC first assessed the application in August 2019, while a second privacy assessment was conducted on June 23 this year.

The privacy policy of FaceApp underwent major overhaul over the past three years. In the current version, it is noticeable that both the European Union’s General Data Protection Regulation and the California Consumer Privacy Act required the developers to improve their privacy policy and provide specific legal bases for processing personal data as well as stipulate applicable data subject rights.

Whereas in the 2019 version, there was no mention of data subject rights and it only directed users to send it an e-mail if they have questions about the app’s privacy policy.

Third-party cloud providers

To process and edit photographs, FaceApp disclosed that it was using thirdparty cloud providers -- Google Cloud Platform and Amazon Web Services.

Only photographs specifically selected for editing are uploaded to the cloud, where they are temporarily cached during the editing process and encrypted using a key stored locally on the user’s mobile device.

Opting out, permissions

In contrast, the 2020 version provides users choices, such as opting out, device permissions, cloud processing, cookies, targeted online advertising, choosing not to share one’s personal information and third-party platforms.

The assessment has also found that the 2020 FaceApp version no longer requires users to disclose their mobile number and Facebook login information for identity verification.

The Privacy Commissioner’s reminder to the public

In general, the NPC reminds users to take precautions before uploading selfies and other photos to social media. If abused or misused, these seemingly harmless actions may expose users to data privacy risks, such as unauthorized access, processing and malicious disclosure due to negligence.

“Do not be afraid to explore new technologies but use it with caution. Report abuse if any.” Privacy Commissioner Raymund E. Liboro said. “The public must not immediately give in to privacy panics. Rather, we should read and learn how to analyze privacy notices and policies. Ask yourself, is the app and developer being fair by providing choices and notices? These privacy notices are the window to transparency on how companies and developers will protect your data and rights.” he added.

The NPC is also reminding companies of their responsibilities over face- recognition activities on their platforms, including preventing the abuse or misuse of their customers’ personal data.

# # #