The MAC Lawsuit Shows How AI Beauty Tools Can Put Your Privacy at Risk: What to Do

The MAC Lawsuit Shows How AI Beauty Tools Can Put Your Privacy at Risk: What to Do

Virtual try-ons feel like magic. You point your phone at your face, and suddenly you’re wearing a different shade of lipstick or testing a new foundation. But behind the convenience, a growing number of consumers and regulators are asking a tougher question: what happens to the image of your face once the app finishes rendering?

A recent lawsuit against MAC Cosmetics has brought that question into sharp focus. The case alleges that MAC’s AI‑powered virtual try‑on tool collected and stored facial biometric data without proper consent. If you’ve ever used a beauty brand’s augmented reality (AR) mirror, this case is worth understanding—not because you need to panic, but because you deserve to know what you’re agreeing to when you let a camera scan your face.

What Happened

According to a report in Personal Care Insights, the lawsuit claims that MAC’s AI virtual try‑on tool captured users’ facial geometry, skin tone, texture, and other biometric measurements—and stored that data without clearly informing users or obtaining the consent required by law.

The complaint centers on Illinois’ Biometric Information Privacy Act (BIPA), one of the strongest state‑level privacy laws in the U.S. BIPA requires companies to get written consent before collecting biometric data (like face scans) and to publish policies explaining how that data will be retained and destroyed. The lawsuit argues that MAC failed on both counts.

It’s important to note that this is still a legal claim, not a final ruling. MAC has not admitted wrongdoing, and the outcome is uncertain. But the case has already drawn attention to a common practice in the beauty tech industry: using facial recognition to power virtual try‑ons, often without transparent data handling policies.

Why It Matters

AI beauty tools don’t just see a photo—they see a map of your face. A typical virtual try‑on app captures:

• Facial geometry (the shape and position of your eyes, nose, mouth)
• Skin tone and texture (used to match foundation shades)
• Unique characteristics (wrinkles, freckles, blemishes)

Unlike a password or an email address, your face isn’t something you can change if it leaks. Biometric data is permanent. If a company stores it insecurely, or sells it to third parties, the risk isn’t just a spam email—it’s identity fraud, unwanted surveillance, or profiling that you can’t reverse.

The MAC case shows that even well‑known brands may not be following best practices. The lack of clear consent mechanisms means many users unknowingly grant permission for their data to be stored, shared, or used for training AI models.

Regulations like BIPA were designed to force companies to be careful, but enforcement depends on lawsuits or state action. Outside Illinois, protections are weaker or nonexistent. The federal government has no comprehensive biometric privacy law, so consumers largely depend on individual company policies—and those policies are often buried inside long privacy notices that very few people read.

What Readers Can Do

You don’t have to give up virtual try‑ons entirely, but a few small habits can reduce your exposure:

1. Check the privacy notice before you use any AR beauty tool. Look for a section on “biometric data” or “facial recognition.” If the company doesn’t explain how long it keeps your data or whether it shares it, that’s a red flag.

2. Use apps that process data locally (on your device) rather than sending images to a cloud server. Some brands now offer offline try‑ons that never transmit your photo. Look for language like “on‑device processing” in the app description.

3. Limit permissions. When an app asks for camera access, grant it only when the try‑on tool is actively open. Revoke the permission after you’re done (iOS and Android both allow per‑session permissions).

4. Opt out of data storage if the app offers a choice. Some brands let you use a virtual mirror without creating an account or saving results. Take that option.

5. Use a generic photo when possible. A few tools let you upload a photo of someone else (or a privacy‑safe placeholder) to test shades. That keeps your own face out of the system.

6. Stay informed about your state’s laws. If you live in Illinois, Washington, Texas, or California, you may have additional rights. The Illinois BIPA law, for example, gives individuals the right to sue companies that mishandle biometric data—which is what prompted the MAC lawsuit in the first place.

The appeal of AI beauty tools is understandable. They save time, reduce product waste, and make shopping more inclusive. But they don’t require you to give away a permanent digital map of your face. Treat your biometric data with the same caution you’d give your Social Security number: share it sparingly, know who has it, and read the fine print before you smile for the camera.

Sources

• “MAC lawsuit highlights privacy risks in AI beauty tools, says expert.” Personal Care Insights, June 23, 2026. Available via Google News RSS feed.