ID.me Partners with IRS

“The Internal Revenue Service (IRS) has partnered with ID.me to provide identity verification for IRS applications. Individual taxpayers and tax professionals are required to verify with ID.me to NIST 800-63-3 IAL2+Liveness and AAL2 for secure login. These identity proofing services are crucial for the IRS to ensure millions of taxpayers and tax professionals can securely access the IRS and its applications.” What you may not know is that they are collecting biometric data in the process. In the United States as it currently stands, there is no single, comprehensive federal law regulating the collection and use of biometric data. Does that concern you?

US vs. EU

Unlike the United States, the European Union has taken active steps to create all-encompassing data collection and privacy legislation. They have specifically outlined courses of action for collection of biometric data as well. On a very broad level, “The GDPR prohibits the processing of biometric data for the purpose of uniquely identifying natural persons.” They have written exceptions to that rule to further define and clarify any misconceptions.

Current US Biometric Data Collection Legislation

While what ID.me is doing is not entirely wrong, there is no US federal legislation to hold them accountable. It doesn’t seem like we have much of a choice but to trust them either. When logging on to the IRS website to request a tax transcript, I was forced to undergo this involved process of taking a video selfie in order to verify my identity. It felt a bit invasive and it just left me to wonder what ID.me was going to do with that video. I read their privacy policy and it says I can request to delete my information, but there is a clause that states that “it may be impossible for us to completely delete all of your information because we periodically back-up information.” This was followed by another long paragraph outlining another 9 reasons why they would be unable to delete PII.

As consumers, alarm bells should be ringing. We should be worried about security, PII, and data privacy laws. As users, we should be able to control our data and have no doubt in our minds that our information is safe. Here at Rownd we protect each customer’s personal information while helping businesses build trust across their brand. 

Interested in learning more about Rownd? Head on over to rownd.io for more information.