AI Beauty Tools Are Collecting Your Face Data: What the MAC Lawsuit Means for Your Privacy

If you’ve ever used a virtual try-on tool to test a lipstick shade or a foundation color, you’ve handed over something more personal than your email address: an image of your face. A recent lawsuit against MAC Cosmetics has brought renewed attention to how beauty apps collect and handle that data, and the case is worth understanding even if you’re not a MAC customer.

What Happened

In June 2026, a proposed class-action lawsuit was filed against MAC Cosmetics, alleging that the company’s AI-powered virtual try-on tools collected and shared users’ biometric data without proper consent. The suit claims that when customers used the “try on” feature on MAC’s website or app, the software captured detailed facial scans—including measurements of facial geometry, skin tone, and other physical features—and transmitted that data to third parties for analytics and advertising purposes. MAC has not yet filed a formal response, and the case is ongoing.

The legal claims rely in part on the Illinois Biometric Information Privacy Act (BIPA), one of the strongest state laws governing biometric data. BIPA requires companies to obtain written consent before collecting biometric identifiers such as face scans, and to disclose how that data will be stored and used. Several other states, including Texas and Washington, have similar laws, but enforcement varies widely.

Why It Matters to You

Virtual try-on tools have become standard on beauty brand websites and apps—Sephora, L’Oréal, Estée Lauder, and many others offer them. They feel fun and low-stakes, but they work by mapping your face in real time. That means the app is processing a 3D model of your face and extracting details like your skin texture, eye shape, and even your emotional expression in some cases.

The Privacy Risks Include:

  • Data collection you didn’t explicitly authorize. Many privacy policies bury biometric data collection in long terms of service. You might agree to “analytics” without realizing that includes sharing your facial scan with third-party ad tech companies.
  • No guarantee of deletion. Even if you delete the app or the website cache, the company’s servers may retain your biometric data indefinitely.
  • Risk of data breach. Biometric data cannot be reset like a password. Once a face scan is leaked, it’s leaked forever. Facial recognition databases can be used for surveillance, identity theft, or impersonation.
  • Lack of transparency. It is often unclear exactly what data is collected, who has access, and how long it is kept. MAC’s lawsuit alleges that the company did not clearly inform users that their face data would be shared outside the tool itself.

The core issue is not that beauty tools are inherently malicious—it’s that the industry has largely treated facial scans as just another form of behavioral data, without the extra care that biometric information deserves.

What You Can Do Right Now

You don’t need to abandon virtual try-ons entirely, but you can take a few steps to reduce your exposure.

1. Read (or at least skim) the privacy policy before using the tool. Look for specific mentions of “biometric data,” “facial recognition,” “face map,” or “skin analysis.” If the policy does not clearly explain what data is collected, how it is stored, and whether it is shared with third parties, treat that as a red flag. Many companies now have a dedicated “Privacy Notice for Virtual Try-On” section.

2. Opt out of data sharing for advertising. Most beauty apps have a separate cookie or tracking consent banner. Decline “personalized ads” or “analytics sharing” if you can. Even better, use the tool in a private browsing window that does not persist data after you close it.

3. Use the web-based version instead of the app. Mobile apps often have broader permissions—accessing your camera, location, even other apps’ data. A web version may limit data collection to the session itself. But verify: some web-based try-on tools still upload images to a server for processing.

4. Consider offline or less invasive alternatives. If you only need to see how a shade looks, many brands still provide physical testers (now back in many stores after pandemic restrictions) or offer high-quality photos of the product on different skin tones. Some apps, like YouCam Makeup, allow you to try on looks without creating an account, though you should still check their privacy settings.

5. Know your legal rights. If you live in Illinois, you have specific protections under BIPA. In other states, ask your state attorney general whether biometric privacy laws apply. If a company collects your face data without proper disclosure, you may have a legal claim.

What to Look for in a Privacy Policy (Quick Checklist)

  • Does it mention “biometric data,” “facial geometry,” or “facial recognition”?
  • Does it explain how long data is kept? (Look for a specific timeframe, not “as long as necessary.”)
  • Does it name any third-party companies that receive the data? (Common players are Modiface, Perfect Corp., or Google Cloud Vision.)
  • Does it give you a way to request deletion of your data?
  • Is the policy written in plain language, or does it rely on vague phrases like “we may share with our partners”?

If you cannot find clear answers, assume the tool is collecting more data than you want to share.

Sources and Context

  • The MAC lawsuit was filed in June 2026 in U.S. District Court and cites violations of BIPA and other state privacy laws. Updates have been reported by Personal Care Insights and other industry publications. As with any ongoing case, the allegations are currently unproven in court.
  • The Illinois Biometric Information Privacy Act (740 ILCS 14) is one of the strongest state biometric laws. It allows individuals to sue for statutory damages of $1,000–$5,000 per violation.
  • Several other beauty brands faced similar lawsuits in recent years. In 2023, a class action against Sephora over sharing user data with third-party trackers was settled for $1.2 million. Those cases did not involve biometric data, but they show the industry’s broader pattern of opaque data sharing.

Bottom Line

AI beauty tools can be fun and convenient, but they also collect deeply personal information—your face. The MAC lawsuit is a reminder that “free” virtual try-ons often come with a hidden cost. You don’t have to stop using them, but you should pause before hitting “allow camera access.” Take a minute to read the privacy policy, turn off optional tracking, and know that you have rights. When it comes to your face, a little caution goes a long way.