The MAC Lawsuit Exposes How AI Beauty Tools Put Your Privacy at Risk – What to Know

The MAC Lawsuit Exposes How AI Beauty Tools Put Your Privacy at Risk – What to Know

Virtual try-on tools for makeup and skincare have become a common feature on beauty brands’ websites and apps. You upload a selfie, the software maps your face, and you see yourself with a different lipstick shade or foundation. It is convenient, especially during a time when in-store testing is less appealing. But a recent lawsuit against MAC Cosmetics has brought a less visible issue into the spotlight: what happens to the data those apps collect from your face.

What happened

In June 2026, a proposed class action lawsuit was filed against MAC Cosmetics, a subsidiary of Estée Lauder. The suit alleges that the company’s virtual try-on tools collect users’ biometric data—including detailed facial scans—without obtaining proper informed consent. According to the complaint, this practice violates state privacy laws, such as the Illinois Biometric Information Privacy Act (BIPA), which requires companies to get written permission before gathering and storing biometric identifiers.

The lawsuit claims that when customers use the virtual try-on features on MAC’s website or mobile app, the software captures and processes characteristics like eye spacing, nose shape, skin tone, and face contours. This data, the suit argues, is not just used to render a digital makeover. It is stored on company servers and may be shared with third parties for analytics or other purposes—without clearly informing the user.

Why it matters

Facial data is unlike a password or a mailing address. Your face is unique to you, and once it is digitized, it can be used to identify you across platforms or even recreated without your knowledge. Unlike a credit card number, you cannot change your face if a database is breached.

Many beauty brands partner with third-party providers to power their try-on technology. Those providers may have their own data policies and security practices. The average user clicks “accept” on a lengthy privacy notice without reading it, assuming the images are deleted after the session. That is not always the case. Some companies store the raw images for machine learning training, product development, or future marketing. Others may sell anonymized data to advertisers.

Even when companies state that they do not sell data, the term “anonymized” is not a reliable safeguard. Researchers have shown that facial metadata can often be re-identified by cross-referencing with other databases. Once your biometric data is out there, controlling its use becomes nearly impossible.

What readers can do

You do not have to give up virtual try-ons entirely, but you can take steps to reduce your exposure:

• Check the privacy policy before using any beauty app or web tool. Look for explicit statements about whether images are stored, how long they are kept, and whether they are shared with third parties. If the language is vague, do not assume the best.

• Use device-based processing when possible. Some newer smartphones can run facial-mapping algorithms locally, without sending data to a server. For example, Apple’s ARKit and Google’s ARCore can handle virtual try-ons on the device. If an app claims to use on-device AI, that is generally safer than cloud processing.

• Opt out of data collection if the app offers choices. Many apps have granular privacy settings that let you disable analytics or marketing use. Take a minute to find them.

• Delete your account and images after you are done. Some services allow you to remove stored selfies manually. If the option is not obvious, contact customer support and ask for a deletion request.

• Use a standalone photo rather than a live feed. Instead of letting an app access your camera in real time, take a selfie, crop it to only your face, and upload it. You can also use a photo that does not show identifiable background details.

• Consider physical alternatives when data sensitivity matters to you. Swatching products in a store or buying sample sizes can be a reasonable option for high-stakes purchases.

Sources

Details about the MAC lawsuit are based on reporting from Personal Care Insights and publicly available court filings. The allegations have not been proven in court, and the company has not yet issued a detailed public response. Biometric privacy laws vary by jurisdiction; Illinois and Texas currently offer the strongest protections for consumers.

The underlying risk—that virtual try-on tools collect and retain facial data without adequate consent—is not unique to MAC. Any brand that uses similar technology may expose users to similar privacy concerns. The lawsuit serves as a reminder to read the fine print before you let an app see your face.