I can't speak about this being a current law, but there were laws in multiple US states at various times that prevented you from storing facial data on the server. In turn features like snapchat's face filters were doing all the relevant computation locally on the device (which back then was certainly a complicated achievement).

US tech companies are constantly under FTC audit relating to how they use user data. This is certainly not something that needs to be seriously worried about, certainly less so than say the way in which cameras placed all over cities are used to track all sorts of people or storing GPS locations attached to a specific devices UUID.