Uploaded identity documents and selfies are used to train AI models, prompting concerns about biometric data being leveraged for model training under legitimate interests rather than explicit consent.

The verification workflow requires a passport upload, a selfie, and yields a blue checkmark in roughly three minutes, after which the user is advised to review the privacy policy and terms.

While the EU-US Data Privacy Framework is presented as protective, the article argues it rests on shaky legal footing and could be overturned, leaving no effective NOEU safeguards to block US data access under future regimes.

Persona collects extensive personal data—full name, passport details, selfies, biometric facial geometry, NFC passport data, national ID, contact details, IP and device info, geolocation, and behavioral signals like hesitation and data-entry patterns.

Additionally, Persona Identities gathers detailed data including name, address, birthday, contact info, facial geometry, location, and behavioral biometrics such as hesitation detection.

The piece concludes that the verification badge is largely cosmetic and emphasizes the need for informed consent and awareness of data tradeoffs when using identity verification services.

Biometric data retention may extend beyond six months if legally required, while terms cap liability at $50 and mandate binding arbitration, limiting user redress.

Persona cross-references users against global third-party data sources—government databases, credit agencies, utility and telecom records, and mobile providers—for background checks.

Practical guidance includes requesting data deletion and exercising data rights through Persona’s privacy channels, and reassessing the value of the verification badge given privacy risks.

The CLOUD Act implies US authorities can compel access to data held by Persona even when stored overseas, undermining GDPR protections via cross-border access.

A privacy researcher and blogger reveals that LinkedIn’s identity verification routes users to Persona Identities, Inc. for processing rather than handling data in-house, raising questions about data flow.

The report raises concerns about the invisibility of data processors between users and trusted platforms and questions privacy implications of cross-corporate data sharing in verification workflows.