FaceApp and the Brazilian Data Protection Law
FaceApp quickly became popular in Brazil by allowing users to change their photos and project an aged image of themselves. As a consequence of the current social and legal scenario, focused on the implications of technology, the new filter service was severely criticized because of the content of its privacy terms and conditions.
Among standard clauses included in numerous digital contracts, which allow the storage of photos and sharing of information between companies belonging to the economic group of the app’s owner – Wireless Lab -, the privacy terms also authorized FaceApp to collect data from users’ actions in emails sent by the company and within the application itself. Therefore, several questions arose about the adequacy of this app to the new Brazilian Data Protection Law, which will enter into force in 2020.
In this regard, it should be highlighted that FaceApp presents considerable transparency regarding the treatment of its users’ personal data which, although unusual in application providers’ terms and conditions, describes the information collected and how they are used by the app.
However, by asserting that user information may be handled in the United States, the app’s privacy policy does not ensure what measures will be taken to comply with Brazilian law, which would be required since the United States does not have a federal data protection law. In addition, FaceApp’s terms do not address satisfactorily the protection of personal data of minors under 18 years old, limiting their provisions in this area to children under 13 years old.
Considering the above, FaceApp is another service among many others that process personal data in an extensive way. Regarding its adequacy to the Brazilian Data Protection Law, the concern should be directed to how users’ consent is obtained, if clear and well informed, the purpose and adequacy of data collection and processing, instead of only the amount of data being collected and used by the platform.