NPC clears FaceApp, says app improved its privacy policy

Share on facebook
Share on twitter
Share on linkedin
Share on email

The National Privacy Commission (NPC) announced on Thursday, June 25, that it did not find anything malicious or violative of privacy laws on the new version of FaceApp, a Russian-made mobile app that trended again on social media in the past week over its face-altering capability.

Users have been uploading their selfies on FaceApp for entertainment purposes. Through facial recognition technology, the app modifies photos according to certain presets or filters, such as gender swapping and age manipulation.

Upon assessment, the NPC said it found significant differences between the 2019 and 2020 versions of FaceApp’s privacy policies. The NPC first assessed the application in August 2019, while a second privacy assessment was conducted on June 23 this year.

The NPC noted that the privacy policy of FaceApp underwent major overhaul over the past three years. In the current version, it is noticeable that both the European Union’s General Data Protection Regulation and the California Consumer Privacy Act required the developers to improve their privacy policy and provide specific legal bases for processing personal data, as well as stipulate applicable data subject rights.

“Whereas in the 2019 version, there was no mention of data subject rights and it only directed users to send it an e-mail if they have questions about the app’s privacy policy,” the agency said.

To process and edit photographs, FaceApp disclosed that it was using third-party cloud providers — Google Cloud Platform and Amazon Web Services. Only photographs specifically selected for editing are uploaded to the cloud, where they are temporarily cached during the editing process and encrypted using a key stored locally on the user’s mobile device.

In contrast, the NPC said the 2020 version provides users choices such as opting out, device permissions, cloud processing, cookies, targeted online advertising, choosing not to share one’s personal information and third-party platforms.

The assessment has also found that the 2020 FaceApp version no longer requires users to disclose their mobile number and Facebook log-in information for identity verification.

However, the NPC said users to take precautions before uploading selfies and other photos to social media. “If abused or misused, these seemingly harmless actions may expose users to data privacy risks such as unauthorized access, processing, and malicious disclosure due to negligence,” it said.

NPC chair Raymund Liboro said Internet users should not be afraid to explore new technologies but they should use it with caution and to report any abuse.

“The public must not immediately give in to privacy panics. Rather, we should read and learn how to analyze privacy notices and policies. Ask yourself, is the app and developer being fair by providing choices and notices? These privacy notices are the window to transparency on how companies and developers will protect your data and rights,” he said.

The NPC also reminded companies of their responsibilities over face-recognition activities on their platforms, including preventing the abuse or misuse of their customers’ personal data.

Facebook Comments

Join Our Newsletter! Zero spam, unsubscribe anytime!






Latest Posts

Archives