Elon Musk’s X plans to collect your biometric data and job history

A phone displays the Twitter account for Elon Musk, showing the new logo for Twitter (Yui Mok/PA) (PA Wire)
A phone displays the Twitter account for Elon Musk, showing the new logo for Twitter (Yui Mok/PA) (PA Wire)

X, the social network formerly known as Twitter, has updated its privacy policy to include the collection of what is known as “biometric data”.

Biometric data is data involving an individual’s body, such as scans of the eyes, the face, or fingerprints.

X has confirmed the policy change to Bloomberg but refused to confirm what type of biometric data it intends to collect.

In addition, Twitter now also wants to gather users’ employment history, educational history, and job search history” to “recommend potential jobs”, according to the recent policy update. 

The changes are set to come into effect from September 29 onwards.

The policy change follows allegations that the social media giant has unlawfully collected the biometric data of users in the U.S. state of Illinois in the past.

A suit filed in July alleged that X “has wrongfully captured, stored and used Illinois residents’ biometric data, including facial scans, without consent”.

The plans to collect biometric data could also be linked to efforts to rid the platform of bots. Elon Muskvowed to purge the platform of up to 1.5 billion bots back in December 2022, and stricter identity verification could be a way to do that.

The news comes as Musk may also be looking to turn the platform into an “everything app”, that will see X incorporate additional features, for job hunting and payments.

A new product, called “X Hiring”, is set to hit beta soon, and will allow companies to publish job ads, like on LinkedIn.

The decision to start collecting biometric data could also relate to the proposed plans to introduce what are known as “PassKeys”.

App developer and blogger Steve Mosser has speculated that Twitter is looking to introduce PassKeys, a type of new passwordless authentication standard, which would mean that users no longer need to remember their passwords.

The introduction of passkeys could potentially be protective against certain types of cyberattacks such as phishing, where cybercriminals use phoney emails, impersonating co-workers for example, to collect login details.

Alex Laurie, a senior vice president at U.S. cybersecurity firm ForgeRock, argued that X’s latest move suggests a shift towards stronger identity verification for its users.

However, the exec warned that “this could spell significant trouble for the company”, saying: “UK consumers rank social media firms as one of the most distrusted types of organisation to handle credentials and online identity.”

He added: “Consumers are highly cautious when providing identity information, and 44 percent of X users in the UK would quit using the platform entirely if identity verification was required. Highly personal data like biometrics can open the door to serious misuse, and it will be very interesting to see how this situation develops.”