FaceApp and Personal Data, Hadn´t We Talked About This Already?

Christian F. Espinosa Velarde    18 September, 2020
FaceApp and Personal Data, Hadn´t We Talked About This Already?

Hadn’t we already talked about this? The comeback of applications like FaceApp and the fuss caused by the photos generated, in which their users can appear as women being men, as men being women or change their age and other aspects of their appearance, is equal to the fuss they caused when they first showed up and became a worldwide trend.

Likewise, the alarm raised by experts in cybersecurity and privacy and personal data protection is nothing new. In regard to the risks of sharing our image for the immense technological machinery behind the application. Haven´t we learned anything then? Have the voices of all these specialists and experts fallen on deaf ears? It would seem so, because once again, thousands of users (if not more) are still using these applications.

To come clean about this, we should understand what happens to our data. While today it’s all fun, in the future, with advances in facial recognition and the use of biometrics, our faces will increasingly be used as passwords to access different devices and services, some with more sensitivity than others.

Associated Risks and Data Protection

The associated risks and attacks that can arise from the use of these applications are quite complex. Phishing can lead to much larger consequences, such as the theft of large amounts of confidential data. As well as money, in the case of many financial institutions that already use facial recognition for access to their mobile applications, for example. This problem would be even worse if the users who deliver their image held managing positions in companies or governments.

Now, is it really necessary to recall the problems encountered in the terms and conditions of use and privacy policies of these applications? Let’s say yes and no. These policies have changed, to some extent, for the better, but they are still not risk-free (nothing is, in fact). It is true that users are considering these documents more and more. However, these still use rather far-fetched language (even for a lawyer), which leaves a bad taste in the mouth when talking about applicable principles in the field of personal data protection. The principle of transparency establishes that legal notices must be simple and easy to understand, and even establishes that there must be a real informed, express and explicit consent. These principles we are talking about are not up from nowhere, they are actually established in the General Data Protection Regulation, the standard in terms of personal data protection.


While there are improvements in the legal aspects of this type of application, we need to consider the more practical aspects as well. The lesson to be learned is that we must be much more careful and responsible in the use of our personal data, since it is not a commodity that can be traded. Every piece of information form part of our identity, however small it may seem.

After this brief comment, I hope not to fall back into this cyberdéjà vu and I would love not to have this conversation again in the future.

Leave a Reply

Your email address will not be published.