Why do apps like FaceApp want your data and what do they do with it?


Listed in Brazil´s PlayStore as the main free application of July, surpassing the 1 million downloads mark, FaceApp is the new social media fever.


Created by the Russian company Wireless Lab, the app is a tool for editing and applying image filters. In editing models there are possibilities to change hair colors, apply makeup or beard and mustache styles, rejuvenate, grow old, change gender, among others. The app’s artificial intelligence system promises to find “the best style for you”.


However, its operation has raised a new debate around privacy standards throughout the world. After all, what data are they collecting and what do they do with them?


Privacy Policy

The FaceApp Privacy Policy provides little information about what data is collected and what its possible uses could be. According to the document, photos and “other materials” are accessed, not specifying which materials they are. The company adopts data analytics services to “measure service consumption trends,” which can lead to partner marketing campaigns.


“These tools collect information sent by your device or our service, including the pages you access, add-ons and other information that help us improve the service”, the document continues. Tracking mechanisms are also used, such as cookies, pixels, and beacons, which send data about the navigation to the company and its partners.


Through these technologies, navigation becomes completely tracked. According to the company, this volume of information is gathered without the person being identified. “We collect and use this analytical information so that it cannot reasonably be used to identify any particular user.” The company also inserts mechanisms to identify what kind of device you are using, whether a smartphone, tablet or desktop computer.


The privacy policy states that the information is not sold or marketed, but lists to whom the gathered information may be shared, including companies in the group that controls FaceApp, who may also use it to improve their services. In short: You deliver the information to FaceApp, but you may be sharing it with several other companies as well.


The director of the organization Coding Rights, Joana Varon, evaluates that the use of the app brings a series of risks and violates the Brazilian legislation stating that it may be governed by laws of other countries, including the 11th Article of the Civil Internet Framework.


She says this results in a serious problem since facial recognition technologies have the potential to be used in abusive ways. Concerns about the limits of ethics and privacy have led cities to ban such resources, like San Francisco, in the United States, and Sao Paulo, which banned the use of this technology in the subway.


“Privacy has already been considered the right not to disturb people. Today, the concept goes beyond the protection of personal data, viewed as an extension of personality, therefore an inalienable right of every individual. ”, explains Eduardo Morelli, Chief Data Officer at Zoox Smart Data. “That’s why the topic is so important. Data can destroy reputations, ruin careers, sour marriages. ”


Data Trading

The coordinator of the Research group Critical Studies in Information, Technology and Social Organization of the Brazilian Institute of Information in Science and Technology (IBICT), Arthur Bezerra, says:


“Although platforms like Google and Facebook have a huge range of data about us, each company seeks to form its database.”


As noted earlier, FaceApp’s privacy policy says nothing about what would happen to user data if it stopped using the service. What if FaceApp was hacked? What if it was sold? The data contained there is more valuable than any cost the user would have to use the filters.


Admittedly, log in through Facebook should be avoided. After using the app, check the permissions you have given it on your phone system and disable them.


The General Data Protection Act (GDPR), passed in 2018 and coming into effect in August 2020, would also conflict with the application as it will establish some principles that should further explain personal data collection as well as their future possible uses.