This article, written by Amalia Kurniaputri (Trainee Associate), was published in the 70th Edition of Synergy Magazine by ELSA International.

When it comes to cosmetics, buyres must see and test the product to decide whether it matches their skin tone or is eye-catching to wear-it is unlikely to buy cosmetics blindly and impulsively. As a result of the COVID-19 predicament, the cosmetic industry has been driven to be technologically innovative to provide such experiences with consumer-facing technology. The technology now has acquired a critical role incustomer and shopping experiences, allowing customer to feel being as if they are at a physical store while staying at home. Ulta Beauty's GlamLab virtual try-on tool, for instance has increased consumer engagement fivefold with over 19 million shade try-on. Ulta Beauty also recently unveiled Skin Analysis which uses the biometric collection to analyse skin and provide recommendations and product recommendations for concerns such as hyperpigmentation and fine wrinkles. The feature of choosing and testing cosmetic products online expanded to other brands: Maybelline New York with 'Maybelline Virtual Try-On Makeup Tool' and Channel with 'Chanel Lipscanner'.

On the other side, as these technologies were designed to meet the needs and interests of specific customers, they may also expose individuals to identity-based attacks. This essay looks at how a cosmetic company, in this example Ulta Beauty, uses biometric data collecting and processing through consumer-facing technologies while elegantly wrapping it in self-fulfilment activites. The privacy paradox in personalised shopping will also be addressed. Despite the fact that Ulta Beauty is a US-based corporation that adheres to the Califfornia Consumer Privacy Act and the Schrems II ruling, the case may underline the need for privacy awareness in the shopping experience.

Biometric Data Collection in Virtual Try-On Makeup

Biometric data is personal information derived through technological processing of a natural person's physical, physiological, or behavioural traits that allows or confirms that natural person's unique identity, such as a face image or dactyloscopy data. In the present case, the personalisation facilities with the try-on make-up feature are gathered when customers provide the biometric data or interact with the technology. The data collected and processed was for the marketing and sales strategies, and other reasons disclosed to the customer at the time of collection. Knowing that this data may be shared with third parties, which exposed the extent to which the data was given, poses and identity-based vulnerability considering the sensitive nature of the information.

To put it another way, if an unauthorised user has access to certain facial data, they may use that information to identify that individual and take whatever action they wish, whether lawful or unlawful. Since the GDPR has no percise rules for processing biometric data, the rights to privacy and data protection colud be violated. According to Kindt, using facial images and biometric features for identification purposes, in general, may violate other fundamental rights such as freedom of expression and the right to assemble and associate. The biometric data gathered was also seen as an aspect of "private life." In S. and Marper v. the United Kingdom, the Court expanded "private life" protection to include not just a person's name but also their physical and psychological integrity, as well numerous aspects of their physical, social, and ethice indentities. On that account, the necessity for appropriate and comprehensive protection will be regarded as a preventative measure against the emergence of the greatest risks like covert identification and function creep. Recognising the risks associated with biometric technologies should become a primary focus for every country.

The Privacy Paradox relating to Cosmetic Customer Experiences with Virtual Try-On Makeup

The primary pirpose off adopting virtual try-on features for customer experiences was to deliver a personalised experience. For that reason, manu customers are unaware of their self-interest prioritised benefit and overlook the risks, a phenomenon is known as the privacy paradox. As per the Privacy Calculus Theory, since the apparent benefirs outweight the perceived risks, privacy issues are frequently neglected, resulting in information exposure in exchange for economic benefits, personalisation, convenience, and social benefit. Additioonally, a previous study has indicated that, despite online customer's worries about privacy, they occasionally willingly divulge personal informatioon and accept being tracked and profiled in exchange for retail value and personalised services. Therefore, the privacy paradox posed the question of whether customers-and society in general-are fully ready for the digital era and conscious enought to leave their biases to preserve their persoonal information.

On the contrary, the privacy paradox is important for a business like Ulta Beauty. That;s because the privacy paradox narrative defines the scope of corporate responsibility as relatively narrow: if customers are presented as relinquishing privacy when online, businesses have little to ne responsibility to acknowledge or satisfy privacy protection. Such practices may be viewed as creating inadequate privacy safeguards, which may contribute to biometric data-related risks. Thereby, Stefanie Potzch noted that in order to prepare societies for the digital era and tackle the privacy paradox, businesses should develop tools and features that are designed to influence people's behaviour in increase privacy awareness.

Lastly, Article 12(1) GDPR mandated taking the appropriate steps to distribute information in a comprehensible and easily accessible way. While Ulta Beauty's privacy policy is comprehensive regarding what data was gathered and processed and for what purpose, it may be impractical for certain people to read and analyse the policy. Customer's virtual try-on make-up experiences should be informed through specific application tools (for instance, the pop-up informed consent) about what data gathered apart from cookies-because the two are not the same-rather than using automated individual decision making.

Conclusion

In closing, the makeup try-on technology analyses and identifies individual personalisation for the cosmetic we have picked with the biometric collection. Customers must carefully balance their desire and needs when utilising technological features that take advantage of personalisation to preserve privacy. When a person is digitally ready, they can leverage and are aware off the technologies they are using, including the consequences. The act of choosing to be unaware, ipso facto, has a long-term influence on the privacy data issue for both the customers and businesses. The price of privacy does not outweigh the benefits. Consequently, both customers and businesses mush share the burden of privacy awareness; businesses must privide tools to enhance privacy awareness, whereas customers must strengthen their sense of pretectin their privacy.