
Identity verification | Your face and your data don't belong to you – Anthropic (Claude), LinkedIn and the new economy of biometric control – Image: Xpert.Digital
GDPR nightmare through AI: The risky path of Anthropic and the controversial Palantir network
ID please! How AI platforms are taking total control over our digital identities
The secret power of data: How Anthropic, LinkedIn & OpenAI outsource our faces to third parties
Those who want to use modern AI systems no longer pay just with subscription fees, but increasingly with the most sensitive data we possess: our biometric identity. The latest measure from Anthropic, the company behind the celebrated AI assistant Claude, marks a far-reaching turning point in digital infrastructure. To use certain functions, the system now requires an official photo ID paired with a live selfie. What is presented to the outside world as a harmless, necessary step for platform hygiene and abuse prevention turns out, on closer inspection, to be a data privacy minefield. This is because the biometric data does not end up with Anthropic itself, but with Persona – a US third-party provider deeply rooted in the investor network of Peter Thiel's surveillance company Palantir, which also handles verification for giants like LinkedIn and OpenAI. The following article sheds light on this risky entanglement of the new identity economy, explains the irresolvable conflict between the US CLOUD Act and the European GDPR, and shows why companies now urgently need to rethink their AI strategy to avoid falling into an existential liability and dependency trap.
When trust becomes a commodity: How AI platforms are taking control of digital identities
Anthropic, the company behind the AI assistant Claude, introduced a measure in early April 2026 that has sparked considerable debate within the industry: mandatory identity verification for selected users using an official photo ID and a live selfie. Anyone wishing to use Claude in certain situations must undergo a biometric process conducted by a US-based third-party provider. This decision is technically trivial, but politically and economically far-reaching – and it touches on issues that extend well beyond platform hygiene. Anthropic is not alone in this: LinkedIn, Reddit, Discord, and OpenAI all use the same infrastructure, the same service provider, and the same investor network. And therein lies the real problem.
Valuation, market power and responsibility of systemically important infrastructure
To understand the implications of this decision, it's necessary to first look at Anthropic's current market position. In February 2026, the company, founded in 2021 by former OpenAI researchers, closed a $30 billion Series G funding round, achieving a post-money valuation of $380 billion – the second-largest private funding round in the history of the technology industry, surpassed only by OpenAI's $40 billion round. Annualized revenue stands at $14 billion, with revenue from its developer tool Claude Code alone exceeding an annualized rate of $2.5 billion in February 2026. Approximately 80 percent of its revenue comes from enterprise customers.
The valuation implies a revenue multiple of around 27 – high, but not exceptional in the current AI investment environment. Amazon is the largest single investor with approximately $8 billion, alongside Singapore's sovereign wealth fund GIC and Coatue Management as leading investors. Founders Fund, Peter Thiel's investment vehicle, co-led the round. This means Anthropic is no longer a startup in the traditional sense, but a systemically important infrastructure provider for thousands of companies worldwide. It is precisely this status that makes the decision regarding identity verification so remarkable: A company that provides core infrastructure for enterprise AI delegates the collection of biometric user data to an external US provider without building its own data protection architecture compliant with European law.
Persona Identities: The silent backbone of the digital identity economy
The verification provider chosen by Anthropic is Persona Identities, a San Francisco-based startup specializing in Know Your Customer (KYC) and identity verification solutions. In April 2025, Persona closed a $200 million Series D funding round, achieving a valuation of $2 billion. The round was co-led by Founders Fund and Ribbit Capital, with participation from existing investors such as BOND, Coatue, First Round Capital, and Index Ventures. In 2024 alone, the company performed over 300 million identity verifications while simultaneously doubling both its revenue and customer base. Its client companies include Reddit, LinkedIn, OpenAI, Discord, Roblox, and many other major platforms. Persona has thus become the de facto identity infrastructure for large portions of the English-speaking internet.
What dominates the public discussion, however, is the investor landscape. Founders Fund is the vehicle of Peter Thiel, the German-American entrepreneur and venture capitalist who co-founded PayPal in 1998, built Palantir Technologies in 2003, and has run Founders Fund since 2005. Thiel is chairman of Palantir's supervisory board—a position he has held continuously since the company's inception. According to various reports, Founders Fund holds approximately 10 percent of Persona and led both the Series C and Series D funding rounds. What is particularly striking is that, according to a detailed analysis, Persona lists around 17 subprocessors, including AWS, Google, OpenAI, Stripe, Twilio—and potentially Anthropic itself. LinkedIn, according to its own statements, receives only a small portion of this data: name, year of birth, verification result, and a redacted version of the ID. The far more comprehensive dataset remains with Persona.
The architecture of interdependence: More than just an investor relationship
At this point, a more nuanced distinction is needed, one that is often omitted in public debate. The simplistic equation "Thiel invests in Persona, therefore Palantir can access Persona data" is inaccurate. Peter Thiel is not a founder, CEO, or operational decision-maker at Persona. Founders Fund holds a minority stake and has no proven operational control over Persona's data policies.
What gives legitimate cause for concern, however, is the structural level: Founders Fund, as the main investor, led the most significant funding rounds and thus possesses so-called information rights – contractual access to key business figures, customer development, and strategic direction. Thiel simultaneously serves as Chairman of Palantir, whose entire business model is built on fusing heterogeneous datasets into coherent identity and behavioral profiles. Security researchers analyzing Persona's systems in the course of public debates discovered nearly 2,500 publicly accessible front-end files on a US government-authorized server – files that revealed 269 different verification checks per user, including facial recognition against wanted lists and checks against politically exposed persons lists. In this sense, the business models of Palantir and Persona are architecturally complementary: Persona produces verified biometric identity anchors, while Palantir creates the infrastructure for data fusion and analysis. No data transfer between the two companies has been documented. But the governance structure creates an informational proximity that cannot be ignored when processing biometric data from millions of users.
Palantir's reality: From intelligence partner to German police infrastructure
To complete the context, it's important to consider Palantir's actual operations. The company was founded in 2003, primarily with seed funding from the CIA's venture capital arm, In-Q-Tel. Its original core product, the Gotham platform, is used to analyze and merge heterogeneous datasets for law enforcement and intelligence agencies. U.S. Immigration and Customs Enforcement (ICE) has used Palantir for more than a decade for its Investigative Case Management (ICM) system.
In April 2025, Palantir received a contract worth approximately $30 million from ICE to develop the Immigration Lifecycle Operating System (ImmigrationOS)—a deportation-focused system that generates algorithmic confidence scores for deportation decisions and aggregates data from various sources. A follow-up contract worth approximately $30 million for system maintenance was awarded in October 2025. Since Trump's inauguration in early 2025 alone, Palantir has received billions of dollars in federal contracts.
The European rollout is already well advanced: Palantir software is used by the Bavarian police under the name VeRA, by the Hessian police under HessenData, and by the North Rhine-Westphalian police. Data protection experts describe the existing framework agreement, which allows all federal states to use the system without a new tender process, as a "breach of the dam" with structural dependency. This raises a fundamental legal question: As a US company, Palantir is bound by the US CLOUD Act, which obligates US companies to grant the US government access to data regardless of the server location – a conflict that cannot be structurally resolved through contractual clauses.
The Discord case: A warning sign that Anthropic deliberately ignored
The structural risks associated with Persona were already being publicly debated before Anthropic's decision. Discord had used Persona for identity and age verification and immediately faced massive user backlash. The criticism stemmed from the combination of the Thiel connection and a lack of transparency regarding data processing. Simultaneously, it emerged that another age verification provider, which Discord had used for some of its users, had compromised approximately 70,000 official identification documents – an incident that suddenly highlighted the inherent risks of outsourcing biometric identity verification to third-party providers.
Security researchers analyzing Persona's systems during this debate discovered the aforementioned publicly accessible frontend files on a FedRAMP-authorized government endpoint—a server labeled with codenames of active intelligence programs. Persona's CEO, Rick Song, described the exposed files as publicly available code with no security implications. Discord terminated its partnership with Persona immediately after the debate and switched to other providers. That Anthropic nevertheless selected the same service provider just weeks after this widely publicized incident is a deliberate strategic decision—and should be analyzed as such. It suggests that for Anthropic, compliance considerations and the possibility of rapid implementation took precedence over reputational and data privacy risks.
What Anthropic promises – and what gaps remain
Anthropic's official communication regarding identity verification is remarkably defensive. The company emphasizes that identity data is not used to train models, that only the minimum information required for verification is collected, and that any sharing with third parties occurs exclusively with Persona and is based on legal requirements. Anthropic describes itself as the "Data Controller," setting the rules for usage duration and purpose, while Persona acts as a data processor. Verification can be triggered not only by targeted access to specific features but also by "routine integrity checks" – meaning that any user can be affected, regardless of what they are doing.
Anthropic explicitly does not specify the retention period – how long the ID copies and selfies are actually stored – in its public communications. This is a significant information gap, as biometric data is considered special category data under EU law, as defined in Article 9 of the GDPR, and is subject to enhanced data protection obligations. There is no EU data center, no guaranteed data storage within the EU, and the only legal basis for data transfer to the US is Standard Contractual Clauses (SCCs). What Persona actually collects from users goes far beyond a simple comparison: In addition to name, passport photo, facial geometry, and NFC chip data from the passport, IP address, device type, location data, and behavioral data are also collected – including how long a user hesitates or whether they copy information.
CLOUD Act versus GDPR: The irresolvable legal conflict
The practical effectiveness of standard contractual clauses has been significantly limited since the Schrems II ruling of the European Court of Justice in July 2020. While the EU-US Data Privacy Framework has provided a supplementary legal basis since July 2023, it suffers from the same weakness: US companies remain subject to the National Security Act and FISA Section 702 – that is, to state surveillance that fundamentally contradicts European fundamental rights protection.
The core problem here is a direct conflict of law: Article 48 of the GDPR is unambiguous – judgments and decisions of foreign authorities requiring a data controller to transfer personal data are only recognized if they are based on an international agreement. The CLOUD Act is not based on any such agreement – it deliberately circumvents them. In practice, this means that a US cloud provider that complies with a CLOUD Act order and transfers data of European customers to US authorities violates the GDPR. If it does not comply, it violates US law. This conflict is structural and cannot be resolved by contractual means, the SCCs included. In this context, SCCs do not guarantee protection; they serve as a legal fig leaf.
The underestimated liability risk for companies in the workplace
For companies using Claude in a business context, an immediate question arises. The GDPR obliges data controllers to demonstrate an explicit legal basis for every instance of data processing. Biometric data falls under the special categories of data according to Article 9 of the GDPR, the processing of which is generally prohibited unless one of the narrowly defined exceptions applies. Furthermore, AI systems that process biometric data trigger the obligation to conduct a data protection impact assessment (DPIA) according to Article 35 of the GDPR – an obligation that, according to the German Data Protection Conference's blacklist, explicitly applies to the use of AI for processing personal data.
The EU AI Act significantly tightens this legal framework from August 2026. Real-time biometric remote identification in public spaces has been prohibited since February 2025. AI-based identity verification systems, insofar as they are used for sensitive decisions, can be classified as high-risk AI systems and are then subject to strict certification requirements, transparency obligations, and obligations for human oversight. Violations can be punished with fines of up to €35 million or 7 percent of global annual turnover – a higher maximum than under the GDPR. In the US, the legal situation is also risky from a business perspective: The Illinois Biometric Information Privacy Act (BIPA) grants the right to sue even without proof of actual damage and provides for damages of $1,000 per negligent violation and $5,000 per intentional violation – potentially an existential liability exposure for companies that use Claude in their daily operations.
Platform control through identification: The entrepreneurial logic behind it
Anthropic's decision cannot be assessed solely from a data privacy perspective – it follows a sound business logic. AI platforms worldwide face increasing regulatory pressure to prevent misuse. The growing use of language models to generate phishing material, disinformation, and non-consensual synthetic material is forcing providers to implement countermeasures that go beyond mere model security.
Identity verification is an obvious mechanism for user segmentation in this context: verified users gain access to more powerful features; unverified users are kept on a regulated basic version. This corresponds to the established freemium model, but linked to biometric data. For a company with a valuation of $380 billion and over 80 percent enterprise customers, the ability to implement granular user control is a significant strategic advantage. Furthermore, Anthropic positions itself as a security-focused company—explicitly differentiating itself from OpenAI. Identity verification plays into this narrative: it can be communicated as an acceptance of responsibility for potential security risks, even though it simultaneously creates new data privacy risks. This is a classic example of how security rhetoric is used to legitimize measures that are problematic from a data privacy perspective.
Vendor Lock-in: The underestimated strategic threat to companies
Beyond the specific data privacy aspect, the Anthropic Persona case illustrates a more fundamental problem that is often underestimated in corporate management: dependence on a specific AI platform and its ecosystem partners. Companies that have built their AI infrastructure entirely on Claude face a situation known in the literature as vendor lock-in. This dependency arises not primarily from contractual clauses, but from technical integration: specialized APIs, proprietary prompt architectures, model-specific fine-tuning, and ingrained internal workflows make switching platforms costly and time-consuming.
The strategic threat manifests itself precisely when the provider introduces unilateral changes—be it a new access requirement such as biometric verification, a price increase, a revised usage policy, or a geopolitically motivated market withdrawal. For companies that have built their core processes on a single AI provider, such changes are no longer a negotiable option but an operational risk. The lack of an exit strategy is a recognized serious failing in IT governance; in the AI field, it is even more critical due to the complexity of the dependencies. Separately, the U.S. Government Accountability Office has already pointed to data protection gaps in federal AI governance and classified the concentration of sensitive identity data with third-party providers as a systemic risk.
Model independence as an architectural principle of digital resilience
The conceptually correct answer to the risk situation described here is a model-independent AI architecture. This principle has been established in cloud infrastructure for years: Multi-cloud strategies, which distribute workloads across multiple providers, minimize dependencies and enable rapid switching in the event of a disruption. The same principle applies to LLM architectures. A model-independent AI infrastructure technically requires that the orchestration layer—that is, the agent systems, workflows, and integrations—is abstracted from the respective model implementation. Standardized APIs create initial portability; however, true model independence in the long term requires the consistent development of a dedicated abstraction layer: an AI gateway architecture that treats models like interchangeable modules.
Open-source models are playing an increasingly important role in this strategy. Llama 4 and Mistral Large have nearly reached the performance level of commercial frontier models in many use cases. Companies that invest today in the capability to operate models on-premises or in their own cloud environment are building strategic resilience: the next unilateral platform decision by a provider will no longer have to be evaluated from scratch.
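The two paragraphs above describe the gateway idea in the abstract. The following sketch is an added example, not code from Anthropic, Persona or any vendor named on this page: the orchestration layer builds only vendor-neutral requests, each adapter translates them into its own provider's payload shape, and a residency policy plus ordered fail-over decide which provider actually serves a request. All provider names, payload shapes, regions and the "identity verification required" error are constructed for the demo; nothing contacts a network.

```python
"""Model-agnostic AI gateway sketch (added example; all providers are constructed)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Protocol


@dataclass(frozen=True)
class Request:
    """Vendor-neutral request: the orchestration layer only ever builds these."""
    system: str
    user: str


@dataclass(frozen=True)
class Completion:
    text: str
    provider: str
    model: str


class ProviderUnavailable(Exception):
    """Raised by an adapter when its provider cannot serve the request, e.g.
    after a unilateral change such as a new identity-verification gate."""


class ModelAdapter(Protocol):
    name: str
    region: str   # where the prompt is processed: "eu", "us" or "on-prem"
    def complete(self, req: Request) -> Completion: ...


@dataclass
class ChatStyleAdapter:
    """Stand-in for a hosted SDK that expects a `messages` list (constructed shape)."""
    name: str
    region: str
    model: str
    send: Callable[[dict], str]   # the vendor call, injected so the demo runs offline

    def complete(self, req: Request) -> Completion:
        payload = {"model": self.model,
                   "messages": [{"role": "system", "content": req.system},
                                {"role": "user", "content": req.user}]}
        return Completion(self.send(payload), self.name, self.model)


@dataclass
class PromptStyleAdapter:
    """Stand-in for a self-hosted open-weights model that takes one flat prompt."""
    name: str
    region: str
    model: str
    send: Callable[[str], str]

    def complete(self, req: Request) -> Completion:
        flat = f"[INST] {req.system}\n\n{req.user} [/INST]"
        return Completion(self.send(flat), self.name, self.model)


@dataclass
class Gateway:
    """Ordered adapters plus a data-residency policy; fails over on provider errors."""
    adapters: list[ModelAdapter]
    allowed_regions: frozenset[str]
    audit: list[str] = field(default_factory=list)

    def complete(self, req: Request) -> Completion:
        for adapter in self.adapters:
            if adapter.region not in self.allowed_regions:
                self.audit.append(f"skip {adapter.name}: region {adapter.region} not permitted")
                continue
            try:
                result = adapter.complete(req)
            except ProviderUnavailable as exc:
                self.audit.append(f"failover from {adapter.name}: {exc}")
                continue
            self.audit.append(f"served by {adapter.name}")
            return result
        raise RuntimeError("no permitted provider could serve the request")


# Constructed demo providers: one hosted US vendor that now gates access,
# one hosted EU vendor, and one self-hosted model.
def _gated_us_vendor(payload: dict) -> str:
    raise ProviderUnavailable("403: identity verification required")

def _eu_vendor(payload: dict) -> str:
    return f"eu-vendor answered: {payload['messages'][-1]['content']!r}"

def _on_prem(flat_prompt: str) -> str:
    return f"on-prem answered: {flat_prompt.split(chr(10))[-1]!r}"


def build_gateway(allowed_regions: frozenset[str]) -> Gateway:
    return Gateway(
        adapters=[
            ChatStyleAdapter("hosted-us", "us", "us-model-x", _gated_us_vendor),
            ChatStyleAdapter("hosted-eu", "eu", "eu-model-y", _eu_vendor),
            PromptStyleAdapter("self-hosted", "on-prem", "open-weights-z", _on_prem),
        ],
        allowed_regions=allowed_regions,
    )


def run(allowed_regions: frozenset[str] = frozenset({"us", "eu", "on-prem"})) -> tuple[Completion, list[str]]:
    """Send one constructed request through the gateway; return result and audit trail."""
    gw = build_gateway(allowed_regions)
    result = gw.complete(Request(system="Answer briefly.", user="Summarise the DPIA status."))
    return result, gw.audit


if __name__ == "__main__":
    for policy in (frozenset({"us", "eu", "on-prem"}), frozenset({"eu", "on-prem"}), frozenset({"on-prem"})):
        result, audit = run(policy)
        print(sorted(policy), "->", result.provider, "|", "; ".join(audit))
```

With the permissive policy the gated US vendor fails and the request is served by the EU vendor without the orchestration layer noticing; with an `on-prem`-only policy both hosted vendors are skipped before any prompt leaves the company. The audit trail is what a data protection officer would want to see when asked where a given prompt was processed.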
GDPR compliance: What companies need to do now
The recommended course of action for companies using Claude is clearly structured. First, it must be determined whether the company's own employees or systems are, or could become, subject to the identity verification requirement. Since Anthropic can also trigger verification as part of routine integrity checks, no user can be ruled out in advance.
Subsequently, the data protection obligations must be fulfilled: Anyone using Claude as a data processor within the meaning of the GDPR must ensure that a valid data processing agreement exists with Anthropic. Data Transfer Impact Assessments (TIAs) must be in place for data transfers to Persona as a subprocessor. Data protection impact assessments must be updated, as biometric data requires explicit consent or another narrowly defined legal basis according to Article 9 of the GDPR. Involving the company's data protection officer is not an optional precaution, but a legal obligation. European companies are also advised to examine whether customer-managed encryption keys are technically feasible – because only this approach effectively prevents US authorities from accessing data content via the CLOUD Act.
The bigger picture: Who controls tomorrow's infrastructure
The Anthropic Persona case is more than a privacy issue—it's a cautionary tale about the concentration of power in 21st-century digital infrastructure. A few closely intertwined companies increasingly control the internet's identity infrastructure: Persona performs 300 million verifications annually, and Reddit, LinkedIn, OpenAI, and now Claude all use the same system. The investors in these companies—Founders Fund, Coatue, Index Ventures—have stakes in many of these platforms simultaneously.
It's not conspiracy thinking, but structural analysis, to ask: Who has an interest in being able to link verified biometric identity anchors with behavioral data from millions of user interactions? And who would have the technological capability and the institutional interest to merge these data points? Palantir's core competency is precisely this data fusion – and its founding chairman is the most significant investor in the leading identity verification provider on the internet. The European response to this concentration of power is already enshrined in the EU AI Act and the GDPR, but in practice it is often underfunded and underimplemented. European supervisory authorities have the opportunity and the obligation to subject Anthropic's identity verification system to a thorough examination – this examination is long overdue.
Technological change requires institutional balance
Anthropic's identity verification measure is not scandalous in itself. Other large platforms implement similar procedures, and the goal of preventing abuse is legitimate. What is lacking, however, is proportionality: a procedure that leaves the smallest possible data footprint, is processed within the EU legal framework, and provides transparent information about the duration, location, and purpose of processing. Anthropic's own communication regarding the retention period remains deliberately vague – a finding that is unacceptable for biometric data belonging to a special category under the GDPR.
The real message of this episode is structural: In a world where AI assistants have become the infrastructure of millions of work processes, the decisions of their operators are no longer an internal company matter. They are infrastructure decisions with public consequences – and should be made transparent and regulated accordingly. Companies that rely on Claude shouldn't wait until the next unilateral step is taken to start looking for alternatives. Resilience begins with model independence – and model independence begins today.

