logoalt Hacker News

dotancohenlast Monday at 9:34 PM1 replyview on HN

  > Once a document has been used to verify a person's identity and that the person is of legal age, there is no reason to retain a copy of the document any more.
Might KYC laws and general CYA policies prefer to keep the proof of age? For instance to protect e.g. against a minor altering the date on their passport. Especially in such a regulated industry.

Replies

charles_flast Monday at 10:05 PM

The EDPB has explicitly ruled on that, when it comes to age verification^1, you should delete: "Trust models are crucial to prevent data breaches in age assurance contexts [...] once the user's age is verified, no record of the personal data used for the age assurance process is kept".

^1: https://www.edpb.europa.eu/system/files/documents/2025-04/ed..., number 36.

show 1 reply