AI Beauty Tools Could Share Your Data: What the MAC Lawsuit Reveals

AI Beauty Tools Could Share Your Data: What the MAC Lawsuit Reveals

If you’ve used a virtual try-on feature to see how a lipstick shade looks on your face, or let an app scan your skin to recommend a foundation, you’ve handed over a detailed map of your facial features. A recent lawsuit against MAC Cosmetics, filed in 2026, alleges that the company collected facial data from users of its AI-powered beauty tools without proper consent. Whether or not the lawsuit succeeds, it highlights a privacy risk that applies to a wide range of beauty tech products — and one that most consumers never think about.

What happened

The lawsuit, which was reported by Personal Care Insights and other outlets, claims that MAC’s virtual try-on and skin analysis tools gathered biometric data from users without clearly explaining how that data would be used. Biometric data — such as facial scans, skin texture measurements, and eye spacing — is protected under some state laws, most notably Illinois’ Biometric Information Privacy Act (BIPA). BIPA requires companies to inform users in writing about the collection and purpose of biometric data and to obtain written consent. The lawsuit alleges that MAC failed to meet those requirements.

It’s worth noting that the lawsuit is still at an early stage, and MAC has not yet filed a formal response. The details may change as the case progresses. But the claims themselves are not unusual: similar lawsuits have been filed against other retailers and tech companies over the past few years, many of which have resulted in settlements or policy changes.

Why it matters for anyone using beauty tech

AI beauty tools are deceptively simple from a user’s perspective. You take a selfie, the app analyzes your face, and a moment later it recommends a product or shows you a simulated result. Under the hood, that process often involves mapping dozens of facial landmarks, measuring skin tone, and sometimes creating a 3D model of your face. This data can be valuable not only for improving the app’s recommendations but also for training the company’s AI models, personalizing advertisements, or even being shared with third parties.

Most privacy policies do disclose these practices — somewhere. But the information is often buried in long documents that few people read. A 2023 study by the Federal Trade Commission found that many beauty apps collect more data than users expect, including location, device ID, and browsing history tied to the facial scan. Because biometric data cannot be changed (unlike a password), a leak or misuse can have long-lasting consequences for identity theft or unwanted surveillance.

The MAC lawsuit also raises the question of whether users are giving “informed consent.” When you tap “Allow” on a pop-up that says the app needs camera access, you may not realize that your facial scan could be stored indefinitely, used to train algorithms, or sold to data brokers. Under BIPA and similar laws, that kind of vague permission may not be enough.

What you can do to protect your privacy

You don’t need to stop using beauty tools entirely, but a few habits can reduce your risk:

• Read the privacy policy — at least the key parts. Before you use a virtual try-on or skin analysis feature, look for a short summary of what data is collected and how it’s used. If the policy mentions “facial geometry,” “biometric identifiers,” or “third-party sharing,” take note. Many companies now include a “Privacy at a Glance” section.

• Use the tool without creating an account. Some beauty features are available on a brand’s website without requiring you to log in or register. If you can use them as a guest, your data may be less easily tied to a permanent profile. Even then, the company may still collect the data and link it to a device ID or IP address.

• Delete your photos and scans after use. Some platforms let you remove uploaded images from the server. Look for a “Delete” or “Clear history” option in the app settings. If none exists, you can contact customer support and ask. Not all companies honor such requests, but it’s worth trying.

• Opt out of data sharing for advertising. Many beauty apps include a toggle in their settings that lets you block your data from being used for targeted ads or AI training. It’s usually labeled “Do Not Sell My Personal Information” or “Interest-Based Advertising.” Turn it on if available.

• File a complaint if something seems off. If you suspect a company is collecting facial data without proper consent, you can report it to your state attorney general’s office or to the FTC. Under BIPA, individuals can also sue for violations in some cases.

The bigger picture

The MAC lawsuit is one of many cases pushing beauty companies to be more transparent about data collection. Some brands have already changed their practices: Sephora, for example, paid a settlement in 2022 over similar concerns and now provides clearer disclosures. The outcome of the MAC case could set a precedent for how facial data is handled across the industry.

For now, the safest approach is to treat any AI beauty tool as a potential data collector until you verify otherwise. The convenience of a virtual makeover is real, but it shouldn’t come at the cost of handing over a permanent blueprint of your face without knowing where it goes.

Sources: Personal Care Insights (2026 report on the MAC lawsuit); Illinois Biometric Information Privacy Act; Federal Trade Commission reports on beauty app data practices; Sephora settlement documentation (2022).