MAC Lawsuit Reveals Hidden Privacy Risks in AI Beauty Tools — What You Need to Know

You’ve probably used a virtual try-on to test a lipstick shade or see how a foundation matches your skin. These AI‑powered tools feel convenient and fun. But a recent lawsuit against MAC Cosmetics has brought to light a less glamorous side: the collection and possible misuse of your biometric data without clear consent.

Here’s what happened, why it matters for anyone who uses beauty apps, and how you can protect your privacy.

What happened

In June 2026, a class action lawsuit was filed against MAC Cosmetics alleging that the company’s virtual try‑on tools collected consumers’ face scans without obtaining proper consent. The lawsuit, reported by Personal Care Insights, is based on the Illinois Biometric Information Privacy Act (BIPA), a state law that requires companies to inform and obtain written permission before collecting biometric identifiers such as face geometry.

According to the complaint, MAC’s AI‑powered try‑on features captured detailed facial maps when customers used them on the brand’s website or app. The lawsuit argues that this data was retained and potentially shared with third parties for purposes like improving algorithms or targeted advertising – all without users realizing their face scans were being stored.

MAC is not the first beauty brand to face such legal action. Similar BIPA lawsuits have been filed against other companies using facial recognition technology for virtual makeup try‑ons. The MAC case highlights a pattern in the industry: AI beauty tools often promise real-time, ephemeral use, but the backend may store and process biometric data indefinitely.

Why it matters

Your face is uniquely identifiable. Biometric data – such as the geometry of your face, skin texture, or even a voiceprint – cannot be reset like a password. If a company collects and later suffers a data breach, those scans are compromised permanently.

Many consumers assume virtual try‑ons only work while the camera is active. In reality, the tool may capture multiple frames, analyze skin tone, detect facial features, and store that data for “improving performance” or “personalizing ads.” Privacy policies often bury these details in dense legalese. The MAC lawsuit shows that even well‑known brands may not be fully transparent about how long they keep your data or who they share it with.

Beyond legal liability, there’s a broader concern: the same facial recognition models trained on beauty app data could be repurposed for surveillance or identification without your knowledge. Regulatory frameworks vary by state and country, and many regions still lack strong protections for biometric information.

What readers can do

You don’t have to stop using virtual try‑ons entirely, but you can take several practical steps to reduce your risk.

  1. Check app permissions. On your phone, go to Settings > Privacy > Camera or Face ID. Revoke camera access for any beauty app you don’t actively use. Only allow access when you’re actually using the try‑on feature – many apps request continuous access that isn’t necessary.

  2. Read the privacy policy – but focus on the data practices section. Look for words like “biometric,” “facial geometry,” “skin scan,” or “retain.” If the policy says data may be stored after you close the app or shared with “partners,” treat it as a red flag.

  3. Use temporary filters, not apps that save scans. Web‑based try‑on demos that run entirely in your browser without uploading data are generally safer than dedicated apps that require account creation and data storage. Favor tools that process everything locally and claim not to retain images.

  4. Opt out of data sharing. Many beauty apps offer a “Do Not Sell My Personal Information” link (often required by California law). Use it. Also decline any prompts to share data for product improvement or advertising.

  5. Delete unused beauty apps. If you downloaded a virtual try‑on for a single product and haven’t opened it since, remove it. Each app is another potential data collector.

  6. Consider the brand’s reputation. Before using a new try‑on tool, a quick search for “[brand name] biometric privacy lawsuit” can reveal past issues. Companies that have already faced litigation may have tightened their practices, but it’s worth knowing the history.

Sources

  • Personal Care Insights, “MAC lawsuit highlights privacy risks in AI beauty tools, says expert” (June 23, 2026)
  • Illinois Biometric Information Privacy Act (BIPA) – 740 ILCS 14
  • Previous BIPA class actions against beauty and tech companies (e.g., Facebook, Ulta Beauty, Snapchat) serve as precedent for similar claims.

The MAC lawsuit is a reminder that convenience often comes with a data trade‑off. By staying informed and adjusting how you interact with AI beauty tools, you can enjoy the technology while keeping your biometric information under your control.