AI photography is taking over social media. Why are some concerned about privacy?

The latest social media trend sweeping people’s feeds is to share virtual avatars generated through the Lensa AI app.

Lensa, which has been around since 2018, allows users to upload 10-20 photos of their selfies or portraits, then it creates dozens, if not hundreds, of digital images called “Magic Avatars”.

Although the images can be considered digital artwork, those concerned about online privacy have grown concerned about data collection.

Cybersecurity expert Andrew Couts is Wired’s security editor and oversees privacy policy, national security and surveillance coverage. He told ‘Good Morning America’ that it’s almost “impossible” to know what happens to a user’s photos after they’ve been uploaded to the app.

“It’s impossible to know, without a full audit of the company’s back-end systems, how safe your photos may or may not be,” Couts said. “The company claims to ‘delete’ facial data after 24 hours and appears to have good policies in place for its privacy and security practices.”

According to Lensa’s privacy policy, uploaded photos are automatically deleted after AI avatars are generated, and facial data on other parts of the app is automatically deleted within 24 hours of being processed by Lensa.

Prisma Labs, Inc., the developer of Lensa AI, told ABC News in a statement that images uploaded by users are used “solely for the purpose of creating their own avatars.”

“Users’ images are used solely for the purpose of creating their own avatars. The system creates a personalized version of the model for each user and the models never cross paths. Users’ photos and their models are deleted within 24 hours after the end of the avatar creation process,” the company said in a statement. “In very simple terms, there is no[t] a “one-size-fits-all collective neural network” trained to replicate any face, based on aggregate learning.”

“We are updating our terms & Conditions to make them clearer for everyone. The much-discussed permission to use the content for the development and improvement of the work of Prisma and its products refers to the consent of the users for us to form the copy of the model on the 10-20 images that each particular user has downloaded,” the statement continued. “Without this clause, we would not have the right to carry out this training for each subsequent generation. We are fully GDPR and CCAP compliant. We store the bare minimum of data to activate our services. As a reminder, the photos of user are deleted from our servers as soon as the avatars are generated. The servers are located in the United States”

Couts added that he wasn’t too worried about the photos because most of us already have our faces on social media. He said his main concern was the collection of data that could potentially be extracted from users’ phones.

“The main thing I would worry about is the behavioral analytics they collect,” Couts said. “If I were to use the app, I would make sure to enable privacy settings that were as restrictive as possible.”

He said his advice, regardless of apps downloaded, is to enhance personal security through phone settings.

“You can change your privacy settings on your phone to make sure the app doesn’t collect as much data as it looks like it might,” he said. “And you can make sure you don’t share images that contain anything more private than your face.”