Revolut collects copies of your identity documents and processes biometric-style data as part of identity verification, which is a more sensitive category of personal data under UK data protection law.
This analysis describes what Revolut's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Identity document data and biometric verification data are treated as special categories under UK GDPR, meaning stricter rules apply to how they are collected, stored, and used, and Revolut must have a stronger legal basis for this processing.
Interpretive note: The document does not specify retention periods for identity documents or the precise legal basis for biometric-style processing, creating interpretive uncertainty about whether all UK GDPR special category requirements are fully addressed in disclosed terms.
Revolut retains copies of your passport or driving licence and processes them through identity verification systems, which constitutes high-sensitivity data processing; if there were a data breach involving this data, the consequences for affected individuals could be severe.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Revolut has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"copies of your identification documents (for example, your passport or driving licence) and any other information you provide to prove you are eligible to use our services— Excerpt from Revolut's Revolut Privacy Policy
(1) REGULATORY LANDSCAPE: Processing of biometric data used for unique identification and identity document data may engage UK GDPR special category provisions, requiring an explicit legal basis such as explicit consent or a legal obligation basis alongside the standard lawful basis. The ICO's guidance on biometric data and identity verification applies. AML and KYC regulations under the Money Laundering Regulations 2017 impose independent obligations to collect and retain identity documents, creating a regulatory basis that partially overlaps with the privacy obligations. (2) GOVERNANCE EXPOSURE: High. Identity document data is among the most sensitive personal data categories because it is difficult to change if compromised. Data breaches involving passport or driving licence copies trigger mandatory ICO notification obligations and can result in significant harm to affected individuals. Data Protection Impact Assessments are likely required for this processing under UK GDPR given the high risk to individuals. (3) JURISDICTION FLAGS: UK GDPR and the DPA 2018 govern this processing for UK customers. Illinois BIPA would apply to biometric data if any US operations process Illinois residents' biometric identifiers. The ICO's Children's Code creates heightened obligations for identity data relating to minors in the Revolut Kids and Teens context. (4) CONTRACT AND VENDOR IMPLICATIONS: Third-party identity verification vendors used by Revolut must be assessed as data processors under data processing agreements that meet UK GDPR standards, with clear provisions on data retention, security standards, and sub-processor use. Vendor certifications such as ISO 27001 should be reviewed as part of due diligence. (5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that DPIAs have been completed for identity document and biometric data processing, that retention periods for these documents are limited to what is necessary under AML regulations, and that appropriate technical and organizational security measures are documented. The lawful basis for processing beyond AML obligations, such as for ongoing eligibility verification, should be clearly documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Identity document data and biometric verification data are treated as special categories under UK GDPR, meaning stricter rules apply to how they are collected, stored, and used, and Revolut must have a stronger legal basis for this processing.
Revolut retains copies of your passport or driving licence and processes them through identity verification systems, which constitutes high-sensitivity data processing; if there were a data breach involving this data, the consequences for affected individuals could be severe.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Revolut.