X (formerly Twitter) moves forward with new infrastructure changes as it continues its transformation into a one-stop-shop social platform for users.
X is currently implementing two new changes to its recently updated privacy policy, which will allow the platform to begin collecting a user’s biometrics, vocational information, and employment history.
While not very clarifying, the updated privacy policy adds two additional categories to the existing policy: biometric information and job applications/recommendations.
The updated policy, that comes into effect on September 29states that X with a user’s permission:
- Collect and use their biometric information – facial recognition, fingerprints, iris scans, etc. – for “safety, security, and identification purposes.” However, it doesn’t go into how it intends to collect that data or what it will do with that information.
- Collect and use your personal informationspecifically: “employment history, educational history, job preferences, skills and abilities, search activity, and involvement in job search… to recommend potential jobs for you, to share with potential employers when you apply for a job, to enable employers to find potential candidates and to show you more relevant ads.”
This comes at an interesting time for X (and the industry), as legitimate concerns around biometric data collection continue to worry regulators and legislators.
In July, X Corp. named in a class action lawsuit for violation of the Illinois Biometric Information Privacy Act (“BIPA”).
Under BIPA, an individual or entity such as X cannot access and/or retain possession of an individual’s biometric data unless it:
- Notify that individual in writing that biometric identifiers or information will be collected or stored;
- Inform that individual in writing of the specific purpose and duration for which such biometric identifiers or information will be collected, stored and used; And
- Obtain written consent from the individual for the collection of his or her biometric identifiers or information.
It should come as no surprise that the Illinois legislature has previously ruled (and codified) that “biometrics are different from other unique identifiers used to access finance or other sensitive information” and therefore may not be sold, rented, traded or otherwise profited.
That same month, OpenAI’s Sam Altman debuted his latest ambitious attempt to capitalize on artificial intelligence (AI) with Worldcoin, a blockchain-based global verification system that proves our “humanity” through an eyeball-scanning “sphere.”
The Andreessen Horowitz-backed startup, which has already raised nearly $250 million, has already seen its first wave of success and signups, most recently in Argentina after signing a record daytime 9,500 Argentines. Despite this, the premature technology that requires users to give up their biometrics in exchange for a digital currency that doesn’t really exist yet has privacy enthusiasts and regulators rightfully concerned that it poses a threat to the economy and national security.
Are my biometric data safe?
Last month, Kenya, one of the participating countries, suspended approval of Worldcoin as the government conducted an extensive investigation into its data collection practices.
Unfortunately, given that biometrics are unique to each individual and cannot be “returned” once shared with a third party, the individual has no legal option to ever be “compensated” or back in the position they are in. would have found. before submitting that information. In other words, identity theft and fraud are very likely to occur where the only action is for the individual to withdraw their consent to that particular service or transaction.
A recent article from The edge referred to iOS developer Steve Moser and his recent blog post about Twitter and LinkedIn working to support “Passkey” – a new passwordless authentication standard developed by the nonprofit FIDO Alliance and the World Wide Web Consortium.
First introduced by Apple, “passwords” can use your biometrics (facial recognition, fingerprints or custom PIN) to log into your account(s), eliminating the need for a user to remember or even type their password . public-key cryptography, Passkey creates a secure link between the user’s device and a third-party website or mobile app.
However, the FIDO Alliance claims that password technology is more secure than traditional password encryption. Specifically, it believes that this biometric data “remains on the device and is never sent to a remote server.”
That sounds great, but how can consumers be sure? Exactly the problem.
X’s current privacy policy does not include these two new types of data collection.
As X moves into new areas of data collection, it faces the dual challenge of maintaining user trust while complying with evolving privacy regulations – especially given the highly controversial changes that CEO Elon Musk has continued to make (impression-based payouts and allowing political ads from candidates ahead of the 2024 US election), positioning the former Twitter platform as a pure ‘pay to-play ecosystem fueled by Musk’s personal biases.
Editor’s note: This article was written by a staff member of nft now in collaboration with OpenAI’s GPT-4.