MAC Lawsuit Exposes Privacy Risks of AI Beauty Tools – Here’s How to Protect Your Data

If you’ve ever used a virtual try-on tool to test a lipstick shade or see how a foundation looks on your skin, you’re not alone. Millions of shoppers use these AI-powered features every year. But a new lawsuit against MAC Cosmetics raises a question many users never stop to ask: What happens to the data these tools collect?

The suit, filed over MAC’s virtual try-on feature, alleges the company collected and stored users’ facial biometric data without proper consent. While the case is still unfolding, it highlights a privacy gap that applies to many beauty brands and the apps they offer.

What the MAC Lawsuit Alleges

MAC is owned by Estée Lauder, and its virtual try-on tool uses facial mapping technology to apply makeup effects in real time. According to news reports, the lawsuit claims that MAC’s tool collected biometric information — such as the unique geometry of a user’s face — and stored it without clear disclosure or opt-in consent. In some cases, the data was allegedly shared with third parties for analysis or advertising purposes.

The specifics of where the case was filed and the exact legal claims are not fully detailed in public reporting, but the core issue is one many privacy advocates have warned about: consumers often have no idea how their facial data is being collected, stored, or sold.

How AI Beauty Tools Collect Your Data

Virtual try-on tools rely on computer vision and machine learning to map facial features. When you point your phone or webcam at your face, the software identifies key points — eyes, nose, lips, jawline — and tracks how they move. This creates a “faceprint,” a digital signature that is as unique as a fingerprint.

That data is usually sent to a company’s servers for processing. Even if you don’t create an account, the tool may still capture and store your image or the derived biometric data. The privacy policies of many beauty apps are lengthy and often allow data sharing with analytics firms, ad networks, or parent companies.

Privacy Risks You Should Know

Biometric data is particularly sensitive. Unlike a password, you can’t change your face after a breach. If a company’s database is hacked, your facial data could be used for identity theft, unauthorized surveillance, or even to bypass biometric locks on other services.

Other risks include:

  • Lack of informed consent – Many users are not clearly told that their face is being recorded and stored.
  • Third-party sharing – Data may be sent to marketing partners or data brokers without explicit permission.
  • No right to deletion – Some tools do not offer a way to delete your facial scans after use.
  • Vague retention policies – Companies may keep your data indefinitely, even after you stop using their app.

These risks are not unique to MAC. Similar concerns apply to virtually any AI-powered beauty tool, including those from major brands and independent apps.

Steps to Protect Your Privacy When Using Virtual Try-Ons

You don’t have to stop using these tools entirely, but you can take practical steps to limit your exposure.

Check the app’s privacy policy before using it. Look specifically for sections on biometric data, facial recognition, and data sharing. If the policy is unclear or allows broad third-party sharing, consider skipping the tool.

Use a demo mode or guest access. Many brand websites let you try products without creating an account. Avoid logging in with social media accounts, which can link your facial data to your online profile.

Disable camera permissions after use. On your phone or browser, revoke camera access for the beauty tool once you’re done. This prevents the app from collecting data later without your knowledge.

Delete your images when possible. Some tools offer a “delete my data” option in their settings. If not, contact customer support and ask to have your facial data removed.

Consider offline alternatives. If you only need to see a color, look for reference photos or read reviews rather than using a live camera try-on.

Be wary of apps that require an account. If a beauty tool forces you to register, ask yourself whether the convenience is worth the privacy trade-off.

Your Rights and What to Do If Your Data Was Misused

If you’ve used MAC’s virtual try-on or any similar tool, you may have rights depending on where you live. Under the Illinois Biometric Information Privacy Act (BIPA), for example, companies that collect biometric data must get written consent and have a clear retention policy. Several states and countries have similar laws.

If you believe your data was collected without proper consent, you can:

  • File a complaint with your state’s attorney general or a consumer protection agency.
  • Contact the company directly and request a copy of your stored data and its deletion.
  • Join or follow class-action lawsuits, which often provide options for affected consumers.

Even if you don’t plan to take legal action, being aware of your rights helps you make informed choices.

The Bottom Line

The MAC lawsuit is a reminder that the convenience of AI beauty tools comes with hidden costs — namely, your biometric privacy. The technology itself is not inherently bad, but the way companies handle the data often lags behind consumer expectations. Until regulations catch up, it’s up to each of us to read the fine print, limit permissions, and ask companies to be transparent about what they collect.

As the legal case develops, consumers should stay alert. Your face is not just a selfie — it’s sensitive data that deserves the same protection as your passwords and bank details.

Sources

  • MAC lawsuit highlights privacy risks in AI beauty tools, says expert – Personal Care Insights (June 23, 2026).
  • Additional context drawn from general privacy best practices and biometric data laws as of 2026.