I Verified My LinkedIn Identity. Here's What I Handed Over
4 days ago
- #identity-verification
- #privacy
- #data-protection
- LinkedIn's verification process redirects users to Persona Identities, Inc., a third-party company, for identity verification.
- Persona collects extensive personal data including full name, passport details, biometric facial data, and behavioral biometrics like hesitation and copy-paste detection.
- The verification process involves cross-referencing data against government databases, credit agencies, and other third-party sources, effectively running a background check.
- Persona uses uploaded identity documents and selfies to train their AI systems under 'legitimate interest' rather than user consent.
- Verified data is shared with LinkedIn, Persona's service providers, third-party data partners, and potentially law enforcement under the CLOUD Act.
- Persona's subprocessors include 17 companies, all based in North America, with notable AI firms like Anthropic and OpenAI processing passport and selfie data.
- The CLOUD Act allows US authorities to access data stored outside the US, including in Germany, undermining GDPR protections for European users.
- Persona's liability for data breaches is capped at $50, and disputes are subject to mandatory binding arbitration in the US.
- Users can request data access or deletion under GDPR, but biometric data may be retained indefinitely if required by US legal processes.
- The verification process trades significant personal and biometric data for a cosmetic blue checkmark on LinkedIn, with long-term privacy risks.