Anthropic Updates Claude: Biometric Data Collection Starting July 2026

Anthropic modifies Claude: biometric data collection starting July 2026

Claude's privacy policy will change on July 8, 2026. Anthropic clarifies how your personal data will be used in the context of agentic AI, and for the first time introduces the potential collection of biometric data, with consent.

Anthropic is changing its privacy policy, and Claude subscribers are directly affected by these updates. In a commendably transparent manner, Anthropic has anticipated the upcoming version of its privacy policy, which will take effect on July 8, 2026. The company behind the daily operations of the Claude chatbot has begun notifying its numerous users via email about the forthcoming changes. These changes, applicable to Free, Pro, and Max subscriptions, reflect a Claude that is now capable of acting on your behalf across third-party services. While the core principles remain unchanged (no data sales, no advertising), some new features warrant close attention, particularly regarding biometrics.

Update to the privacy policy

The previous version of Anthropic's privacy policy for Claude came into effect in January. The new version, recently published and applicable from July 8, 2026, pertains to subscribers of the Free, Pro, and Max plans. Users of Team, Enterprise, or Platform are not affected, as their usage is governed by specific commercial agreements. This is an important distinction to keep in mind as we proceed.

The most significant change can be summed up in one word that some of you may already be familiar with: agentic. Claude is now capable of executing complex multi-step tasks, reading files, sending messages, and interacting with third-party applications without requiring your intervention each time. The new policy explicitly clarifies what happens to your data in these scenarios. Some of your inputs and outputs may be transmitted directly to third-party services for Claude to perform the requested actions.

In practice, as soon as you activate an integration, a Connector, a plugin, a webhook, or an external API, Claude can continuously access that third-party service until you manually disconnect it in your settings. The new policy reminds users that these third-party services have their own privacy rules, over which Anthropic has no control. Essentially, before activating an integration, reading the policy of the relevant service is not optional.

Biometrics and identity verification

Until now completely absent from the policy, identity verification makes a notable entrance in the 2026 version. Anthropic now reserves the right to ask a user to confirm their age or identity under certain circumstances to ensure compliance with applicable regulations, likely in response to increasing regulatory pressures regarding online age verification. If you agree to this process, the nature of the data potentially collected varies depending on the chosen method.

The policy specifies that depending on the verification method selected, Anthropic may collect:

• an image of your official identification document
• a photo or video of your face
• facial geometry models

In fact, this refers to a digital mapping of your face, constructed from the distances between your features, which allows for unique identification. This is why this data is classified as “biometric data” in certain jurisdictions, similar to a fingerprint. There is, of course, good news, as this collection can only occur with explicit consent, and only if you initiate the process yourself. No one will identify you without your knowledge.

The new policy also introduces another commitment: if data is anonymized, Anthropic formally prohibits attempting to re-identify it, except under legal compulsion. This guarantee was simply absent in the January version.

Other commitments from Anthropic

There is another category formalized for the first time, that of data resulting from your participation in studies, surveys, or interviews conducted by Anthropic. This information can now be combined with other data from your account for aggregated analysis. Nothing alarming in itself, but the fact that Anthropic has put this in writing is a welcome gain in real transparency.

Anthropic reiterates that users' personal data is not sold. Claude also remains free of any advertising, a uniqueness that still distinguishes it from many players in the industry. These two commitments, reiterated in the new version effective July 8, matter to internet users, who are increasingly vigilant about what happens to their interactions with an AI.

The protection of minors is also subject to a significant strengthening. Whereas the old version merely indicated that Anthropic did not knowingly collect data from those under 18, the new policy announces the implementation of active detection measures to identify and exclude minors from the services. This evolution is likely also linked to increasing regulatory pressures, both in Europe and the United States, regarding the protection of young people online.

Regarding model training, the opt-out principle remains in effect, meaning that by default, Anthropic can use your inputs and outputs to improve its models, but you can opt out from your account settings. There are, however, two exceptions:

• if your exchanges are flagged for security verification
• if you have reported them yourself via feedback mechanisms

For European users, it is Anthropic Ireland, based in Dublin, that remains the data controller, with a one-month response obligation for any requests under the GDPR. One last point to watch if you use Claude with your work email: the new policy specifies that your account may be automatically linked to your employer's business account, a detail that is important if you wish to keep your personal usage well separated.