A politician in the US has asked FBI to look into the data privacy credentials of FaceApp, a popular new smartphone programme that alters users’ selfies to make them look younger or older.

Senate minority leader Chuck Schumer has flagged up the trend, which has seen millions of madcap consumers share wizened versions of their own faces onto social media, as it involves the app’s 80-million-strong following handing over their photos and personal data to a Russian-owned company.

In a tweet published on 17th July, Mr Schumer said:

“BIG: Share if you used #FaceApp: The @FBI & @FTC must look into the national security & privacy risks now Because millions of Americans have used it It’s owned by a Russia-based company And users are required to provide full, irrevocable access to their personal photos & data.”

In an open letter attached to the tweet, Mr Schumer expressed his “concerns” that the app “could pose national security and privacy risks for millions of US citizens.”

“User’s must provide the company full and irrevocable access to their personal photos and data. According to this privacy policy, uses grant FaceApp licence to publish or use content with the application including their username, or even their real name, without notifying them or providing compensation,” he wrote.

“I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it. Face apps location in Russia raises questions regarding how and when the company provides access to the data of Us citizens to third parties, potentially foreign governments,” he added.

While FaceApp has denied any allegations of data misuse, privacy concerns over the security of the Russian-based developer have grown steadily among experts.

“In the age of facial recognition technology as both a surveillance and security use, is essential that users have the information they need to ensure their personal and biometric data remains secure,” Mr Schumer ended.

The firm, based in St Petersburg, claims that images uploaded to FaceApp are not stored permanently and that the app does not harvest data.

In a statement reported by TechCrunch, the company declared:

“FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
We don’t sell or share any user data with any third parties.
Even though the core R&D team is located in Russia, the user data is not transferred to Russia.”
Even so, Mr Schumer has articulated his “serious concerns” for data protection and has asked to the FBI and Federal Trade Commission in the States to investigate FaceApp.

His appeal comes in the wake of an advisory coming from the Democratic National Committee, warning 2020 presidential candidates and their campaigners to avoid using the app.

Security officer, Bob Lord, reportedly told staff:

“It’s not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks.”


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/


comments powered by Disqus