Recently, a new trend of AI video calls has emerged on TikTok. More people have started to have video chats with Doubao AI and seek advice on clothing styles. This seemingly simple action involves serious privacy issues. It is not just the concern of whether the video will be leaked, but also what exactly is captured by the camera and how the platform will redefine the boundaries of this information. The controversy surrounding Doubao videos reminds us that in the AI context, the issue of privacy usually doesn’t start with data leakage, but rather begins from the moment of data capture, understanding, and processing.
When a user turns on the camera, they usually only focus on the immediate situation. For instance, going to the bank for facial verification is to log into an account; using self-checkout in the supermarket is for payment; and having a video chat with an AI is to get some advice. However, what the system actually receives is often more than what the user thinks they have handed over.
Users vs Platforms
This issue is not abstract. The Office of the Australian Information Commissioner once determined that Bunnings had captured approximately 100,000 facial images of customers in 63 of its stores using CCTV and facial recognition systems. People consider this a serious violation of personal privacy.
The post from OAIC is worth including not only because it reports on the Bunnings case, but also because it reminds us of an easily overlooked fact. That is, many privacy issues are not truly regarded as public problems until the regulatory agency explicitly points them out. For ordinary customers, facial recognition in retail scenarios often does not appear in the form of “risk governance”. It is more like security, management, or a technology used by the store itself in the background. However, OAIC’s statement reminds us that the problem does not start until the data actually leaks. As long as the system is already capturing and processing people’s facial information, the privacy risk has already occurred.
The same logic also applies to the AI video case. From the user’s perspective, the AI video is just an ordinary chat. But from the platform’s perspective, this is a continuous video input.
According to Doubao’s privacy policy, after the user actively initiates a video call, the platform will process the content captured by the camera and conduct continuous image understanding.
It is not a simple question about clothing style that it handles, but a whole segment of visual information that can be analyzed. What the platform receives is a person that can be decomposed and interpreted by technology. Therefore, the issue of platform governance arises naturally from this.
What the camera shows is never just clothes
When users ask about clothing through AI videos, they are mainly presenting their clothes. However, the camera often incorporates additional elements as well: faces, body shapes, skin tones, age, speaking styles, living environments, and even the figures of other people in the scene. This means that the system receives a comprehensive visual sample that contains clues about appearance, space, and lifestyle.
This is not an alarmist claim. The UK ICO’s guidelines on biometric technology clearly state that,
“Biometric recognition begins with biometric capture.”
Biometric identification does not begin with the moment of “recognizing who you are”, but starts from the moment of capture. Photos, recordings, and videos can all potentially serve as the starting point for handling personal privacy. In other words, capture itself is part of the processing.
When placed in the context of the Doubao situation, the issue becomes even clearer. The user thinks they are presenting clothes, but what the platform actually processes is a person – a technical sample that can be broken down into aspects such as appearance, body, space, and behavioral cues.
A notable issue is whether the context has been altered
When many people think about privacy, the first thing that comes to mind is whether the privacy will be leaked. However, privacy issues are not limited to this. Helen Nissenbaum’s concept of “context integrity” reminds us that the more crucial issue regarding privacy is whether the information is flowing in the appropriate social context and in accordance with reasonable norms.
This is precisely the most worrying aspect of Doubao video. Users think they are entering a scenario seeking help, expecting immediate feedback from the AI. However, what the platform is dealing with is a different context, namely video input, image understanding, data storage, and possibly more analyses that may arise. This means that the platform is not merely analyzing the outfit, but is redefining the meaning of this input in a technical sense.
Therefore, the issue with AI videos is not just whether users have granted camera permission. Rather, it is whether the platform, through a seemingly limited and bounded usage scenario, incorporates information far beyond “outfit suggestions” into the scope of information processing.
Consent is not the same as understanding
When facing such issues, platforms often attribute them to users. They generally believe that the videos were opened by the users themselves, and users can close them at any time. Moreover, the relevant content has already been included in the privacy policy. Therefore, users have sufficient right to be informed. However, the problem with this statement is that the platform re-packages a complex governance issue as a question of users’ understanding of the privacy policy.
Daniel Solove criticizes this behavioral logic. He believes that when the data and information processing of platforms are too complex and the risks are difficult for ordinary users to understand in advance, formal consent does not equal true understanding and mastery of rights. That is to say, even though users click the “agree” button, this does not mean that the button has become a real right to be informed and free choice.
This is also the issue that Nicolas Suzor repeatedly emphasized when discussing platform governance:
“The lack of transparency and accountability will continue to breed allegations”
He believes that the platform does not merely provide services to users neutrally. This means that the design logic of the platform itself is constantly influencing users’ behaviors, and these behaviors are often influenced and regulated in the absence of transparency and accountability.
This viewpoint is particularly evident in the AI video scenario. Although users know that they have actively turned on the camera, they usually do not truly understand how the platform will use and analyze their information materials. For example, how is the video content analyzed by the platform? Will the content be retained for a long time? Therefore, formal consent cannot truly and completely transform into substantive rights protection.
Compared to the situation where users need to carefully read the privacy policy and painstakingly try to understand the lengthy and obscure policy content. The issue that truly deserves attention should be that the platform needs to clearly define what responsibilities it needs to undertake. For the platform, more reasonable demands is that it should fulfill the obligation of minimizing data, fulfill the duty of providing appropriate explanations and setting boundaries. It should more clearly inform users about the shooting range of the camera, that the video content will not be further used, and the reasons for necessary processing of the content.
Why is this a big deal?
Perhaps some people think that video call with AI is just a trivial matter. Compared to incidents like having one’s wallet stolen or having one’s identity stolen, it really doesn’t deserve to waste emotions and thoughts. There is no need to elevate it to such a serious level. However, this idea ignores a crucial issue, that is, many privacy harms do not manifest as huge losses immediately.
Citron and Solove point out that privacy harms often accumulate in very insignificant ways. Imagine if you noticed the following situations in your life? For example, being accidentally captured by the dashboard camera of another vehicle, having an irregular membership card binding experience, or a hidden online class recording, etc. These moments seem very ordinary and not worthy of serious treatment. But when similar information is repeatedly recorded without your awareness and the data accumulates continuously, it will turn into a real power imbalance.
Putting this viewpoint into the context of Doubao video. Then what really deserves concern is not whether the video content will be made public by the platform. But the platform is gradually enhancing its understanding and analysis of users through this seemingly unserious interaction. Through the continuous accumulation of video materials, the platform will increasingly know users’ appearance, economic level, expression style, and other personal information.
Similarly, what makes this problem even more serious is that the data collection process is usually not conspicuous. It is hidden in a seemingly voluntary and harmless daily routine. This is different from the scenario where users formally enter an inspection or customs for serious identity information verification. Instead, users implicitly “hand over their ID cards” to the AI platform in their own bedrooms or other family spaces. The reason why environmental factors are important is that the convenience and familiarity of the environment will naturally reduce the users’ suspicion. This means that the more casual and beneficial the interaction seems, the more the users will lower their guard.
Therefore, this issue no longer merely concerns the preservation and leakage of content, but a matter of power.
This is a digital rights issue
If we merely view Doubao videos as an ordinary product feature, then the discussion of this situation can easily remain at the level where users need to understand in detail how this function operates. However, if this function is placed within the framework of digital rights, it will be found that it actually involves deeper issues. That is: Who should determine the boundaries of image processing? Who should explain whether data processing is necessary? Who should ensure that users can avoid being repeatedly analyzed and redefined by the platform without realizing it?
Terry Flew’s perspective on platform governance is very helpful for this viewpoint. He points out that governance is inherently an attribute of digital platforms. For platforms, the most important challenge is how to establish an appropriate balance between external regulation and internal governance practices. From this perspective, Doubao videos are not just an ordinary product feature, but rather a governance practice of the platform in actively collecting and processing information.
The Bunnings case also shows that privacy risks start from capture. The OAIC determined in 2024 that Bunnings captured facial images of people entering the store using CCTV and facial recognition systems, involving 63 stores and a large number of customers; in the 2026 review stage, the OAIC still emphasized that this case confirmed the high threshold for the application of facial recognition technology in Australia and once again highlighted the importance of notification and risk assessment.
The Doubao video further illustrates that in AI scenarios, such capture is often packaged as help, advice, and convenience. Because it seems lighter, more daily, and more like a service, the risk is more likely to be underestimated.
Conclusion
Having video chats with AI to get fashion advice seems like just a new trend. But what it truly reveals is how cameras, platforms, and rules together have changed the boundaries of privacy.
If the platform truly wants to prioritize convenience in order to attract more users, then it cannot only optimize the image recognition capabilities and response speed. It should also more clearly define the boundaries and scale of content processing.
Furthermore, in the AI video scenario, the most alarming thing is that personal information is often processed and collected under an unequal right situation. Perhaps this is precisely the most necessary change to be seen when discussing privacy today. Because many boundaries do not suddenly disappear; instead, they are gradually rewritten under the names of convenience, assistance, and harmless use.
Reference
Citron, D. K., & Solove, D. J. (2022). PRIVACY HARMS. Boston University Law Review, 102(3), 793–863.
Flew, T. (2022). Regulating platforms. Polity Press.
Information Commissioner’s Office. (n.d.). Biometric recognition. Retrieved April 10, 2026, from https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/biometric-data-guidance-biometric-recognition/biometric-recognition/
Nissenbaum, H. F. (2009). Privacy in context : technology, policy, and the integrity of social life (1st ed.). Stanford Law Books.
Office of the Australian Information Commissioner. (2024, November 19). Bunnings breached Australians’ privacy with facial recognition tool. https://www.oaic.gov.au/news/media-centre/bunnings-breached-australians-privacy-with-facial-recognition-tool
Office of the Australian Information Commissioner. (2026, March 5). Privacy Commissioner statement on Administrative Review Tribunal’s Bunnings decision. https://www.oaic.gov.au/news/media-centre/privacy-commissioner-statement-on-administrative-review-tribunals-bunnings-decision
Solove, D. J. (2013). Privacy self-management and the consent dilemma. Harvard Law Review, 126(7), 1880–1903.
Suzor, N. P. (2019). Lawless: The Secret Rules That Govern Our Digital Lives. Cambridge University Press. https://doi.org/10.1017/9781108666428
豆包. (2026, March 19). 隐私政策 [Privacy policy]. https://www.doubao.com/legal/privacy
Be the first to comment