Your Face Is Data: What the MAC Lawsuit Reveals About Privacy Risks in AI Beauty Tools

If you’ve ever used a brand’s virtual try-on tool to see how a lipstick shade or foundation looks on your skin, you’ve handed over a detailed map of your face. A recent lawsuit against MAC Cosmetics is drawing attention to what happens to that data after you tap “try it on.” Privacy experts say the case is a warning for anyone who uses AI-powered beauty apps, and it raises questions that go well beyond one brand.

Here’s what happened, why it matters for your privacy, and what you can do about it.

What happened in the MAC lawsuit?

In June 2026, a lawsuit was filed against MAC Cosmetics (owned by Estée Lauder) alleging that the company’s AI beauty tools collected and shared users’ facial data without adequate consent. According to reports cited in Personal Care Insights, the lawsuit centers on how the virtual try-on feature captures biometric information—like the shape of your eyes, nose, and jawline—and then shares that data with third-party analytics and advertising partners. The complaint argues that this practice violates state biometric privacy laws, particularly in Illinois, where the Biometric Information Privacy Act (BIPA) requires clear notice and written consent before collecting facial geometry data.

The details of the lawsuit are still emerging, and MAC has not yet issued a public response as of this writing. But the core allegation is familiar to privacy watchers: an app that seems to offer a fun, low-stakes experience is actually gathering highly sensitive personal data behind the scenes.

Why it matters to consumers using beauty tools

AI beauty tools are not just taking a simple photo. They analyze your face’s unique contours, skin tone, and proportions—data that can be used to identify you, even if your name isn’t attached to it. Unlike passwords or email addresses, you cannot change your face if it gets leaked or misused.

Many people assume that a virtual try-on is temporary: you snap a photo, the app shows you the effect, and the data disappears. In reality, many beauty apps store facial scans on servers, sometimes indefinitely, and share them with third parties for analytics, ad targeting, or product improvement. This is often buried in privacy policies that most users never read.

The MAC lawsuit highlights a broader trend. As more beauty brands adopt AI try-ons—from lipstick to hair color—the underlying data collection practices are receiving greater legal scrutiny. The risk is not limited to MAC. Other brands may have similar data flows, and consumers have limited ways to verify what actually happens after they click “allow camera access.”

What you can do to protect your privacy

You don’t have to stop using virtual try-ons entirely, but you can take a few practical steps to reduce your exposure:

  • Read the privacy policy before you grant access. Look for language about data retention, third-party sharing, and whether the company uses biometric data for advertising. If the policy says “we may share data with partners for analytics,” treat it as a red flag.
  • Use the tool in a temporary or guest session. Many beauty apps allow you to try products without creating an account or logging in. Avoid linking the tool to your social media or email unless necessary.
  • Disable camera permissions after use. On both iOS and Android, you can go into settings and revoke camera access for the app once you’ve finished trying on products. This prevents the app from capturing additional images in the background.
  • Use a dummy photo if the app allows it. Some tools let you upload a photo from your gallery instead of taking a live shot. You can use a generic face image or one without identifiable features.
  • Check for data deletion options. After using a try-on, see if the app or website offers a way to delete your image or data. If not, contact customer support and ask them to remove it.
  • Be aware of biometric privacy laws in your state. If you live in Illinois, Texas, Washington, or New York, you may have additional rights (such as the right to sue for unauthorized data collection). Check your state’s consumer protection office.

The bigger picture

The MAC lawsuit is one of several recent cases that signal growing scrutiny of how companies handle biometric data. Laws like BIPA set a high bar for consent, but most states do not have similar protections. Until federal rules catch up, it falls on consumers to stay informed and cautious.

As Personal Care Insights reported, privacy experts are urging consumers to treat beauty apps the same way they would any other service that collects sensitive data: with a healthy dose of skepticism. The fun of seeing yourself in a new shade of lipstick is not worth handing over the keys to your identity.

Sources