Erroneously in my opinion. Verifying someone's identity does not require making a copy. Nor is a copy sufficient.
The one thing making a copy is supposed to achieve is prove that someone saw the original. But what's important is not what was on it, but who saw it, where and when and whether it was valid. This doesn't require knowing what exactly is on the document, and a mere copy achieves none of these.
What grinds my gears is idiots in the Dutch government who should know better and decided to write into law that a copy or transcript is sufficient proof. So now everyone is storing lots of sensitive information to prove something the information does not show.
I have no problem showing ID to my local bank though. They at most photocopy it and put it in a paper file, which maybe goes into Docstar or something. I don't trust $big_tech_site to actually a) do a good job securing it and b) not just sell the information to someone anyway.
It's silly. AT&T wanted it from me to add a phone on a business account that was shipping to our physical address, which has not ever changed since the account was opened. eBay wanted it (and my SSN! and my wife's!) despite our account being a business account registered with an EIN and connected to a business bank account. Instagram/Facebook/Meta/whatever wanted it to reactivate a dormant account that talked to a still-valid email address to which I had access.
> I have no problem showing ID to my local bank though
Me neither. But they normalized this behavior when moving to mobile apps for netbanks by requiring people to photograph their IDs and take selfies for KYC.
After all this KYC stuff, photographing personal documents became normal and then many other big tech companies started requiring this stuff. I think even Facebook started asking people to send pictures of IDs to verify accounts.
I know phone companies in EU started doing this.
I still refuse doing it for all these trivial services and it has a real cost in that it prevents me from using several services. At some point I will probably have to do it.
In my country, we recently had a real estate agency who got hacked and had all their KYC stuff exposed and sold for ID theft. It is a huge mess.
The company then reached out to all the persons that were affected by mail telling them that this happened and that they should contact them immediately.
So I contacted them. First step when contacting them was them requiring to prove my identity by sending photo of my personal ID again. Yeah, fool me once....
Not clear I guess, but I meant small claims for anyone facing the same issue. Over and over we get bullied by these big companies looking to solve their problems at the expense of the little guy. And have no recourse.