The Drum Awards Festival - Official Deadline

-d -h -min -sec

GDPR Data & Privacy Technology

FaceApp: How we might be (knowingly) signing our rights away

By Matthew Burt

July 24, 2019 | 6 min read

FaceApp’s aging transformation app has Drake and LeBron James among its reported 100m users, but its user terms are proving a cause for concern and in need of increased awareness. By using the app, and by default signing up to the app’s terms of service, users are agreeing to grant perpetual, irrevocable, nonexclusive, royalty-free and worldwide rights of their image and likeness to FaceApp for its free use to reproduce and modify as they wish.

FaceApp: How we might be (knowingly) signing our rights away

FaceApp: How we might be (knowingly) signing our rights away

Whether there is material proof that the developers are exercising the rights being granted is not currently known, however, the mere fact they have this right in the first place is a red flag. FaceApp is only the current example, but more and more apps and social platforms are obtaining these broad rights from its users, and the natural question is, why?

There is also a question of deceptiveness here. Is the message that users are granting these rights clear enough? Arguably no. Companies are obligated to signpost personal data use better following the implementation of General Data Protection Regulation (GDPR) in May 2018, but the user journey of FaceApp isn’t clear enough when it comes to notifying users what personality rights they are essentially giving away. There is no obvious access the terms you are agreeing to - it’s only following an active search that you can find the detail. With the minimum user age being 13, do the younger user really know what they’re signing up to (granted parent supervision is suggested up to the age of 18)?

FaceApp isn’t the first app and certainly won’t be the last app of this kind. Moving forward, developers need to improve by ensuring users are consciously aware of what happens to their personal data and personality rights if they tick the ‘agree’ button and importantly what happens when they delete the app in its entirety. Quite simply we should not be granting personality rights to third-parties for free and unlimited use. This is a moral and legal debate that needs to result in protecting the end user better, otherwise we are signing our rights away to a multitude of third-party companies and it will be only a matter of time until these rights are misused (with little recourse for the end-user).

As an agency who works with multiple platforms as well as being at the helm of curating and designing new technology platforms and apps, we have a role and responsibility to work with our clients to help protect users. Finding the right balance between regulatory compliance, legal safeguarding and creativity is key. Failure to do so would be a breach of this vital role and responsibility of the modern-day agency.

For agencies, this role and responsibility starts at the core and filters its way out. Working in a legal and business affairs function at R/GA gives me a unique benefit of having cross-agency sight, which has taught me that education is paramount. We need to ensure that the people working on a project understand the wider impact of their creative output, and to help our clients understand what they are asking their customers to do, especially with respect to its implications on the end user’s personal data and personality rights. We need to be better at informing, we need to increase awareness. A sense of collective responsibility between marketers, brands and agencies is only going to have a positive effect.

For brands, the obvious danger with respect to data is a breach of General Data Protection Regulation which, as British Airways and Marriott International found out recently results in hefty fines. But an equally important danger is the loss of brand loyalty and customer trust for being deceptive when it comes to people’s personality rights. As an end-user of a platform, if I have to irrevocably grant my personality rights in perpetuity to allow a brand to use my image and likeness how they wish, my trust in that brand is immediately going to be put in doubt. In an ideal and more protected world, brands should only be looking at being granted the personality rights from end-users of their platforms and apps specifically for the purpose of that platform or app, nothing else.

I appreciate it’s not that simple. With billions of users granting their personality rights to the major social media platforms such as Facebook, the reversion of this action is arguably an uphill battle. The moral of the story then is that we, as marketers, brands and agencies have an important role in an age of ever-evolving digital privacy to ensure that brand customers are aware of the rights they are giving away before they have indeed metaphorically signed their life away. Awareness informs a conscious decision, and if you still want to use FaceApp and the plethora of other apps obtaining the same personality rights for no clear and obvious reason, then that’s completely your decision, but at least it will be an informed one. Let’s just hope we won’t suddenly start seeing all of our own faces being used as part of global advertising campaigns.

Matthew Burt is the business affairs manager at R/GA London

GDPR Data & Privacy Technology

More from GDPR

View all


Industry insights

View all
Add your own content +