If you sell items on StockX, the company may ask you to provide a government-issued ID such as a passport or driver's license as part of verifying who you are.
This analysis describes what StockX's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Government-issued ID is among the most sensitive categories of personal data and its collection by a consumer marketplace creates heightened security and misuse risks if not properly protected.
Interpretive note: The exact document language on government ID collection was not fully visible in the rendered text; the provision is inferred from standard StockX seller verification practices and partial policy text; the specific GDPR legal basis and retention terms for this data are not detailed in the visible policy excerpt.
Sellers on StockX may be required to submit government-issued identification, meaning highly sensitive identity documents are held by a commercial platform and shared with verification service providers, creating potential exposure if that data is breached or misused.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
StockX has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect government-issued identification (such as a driver's license or passport) from sellers for identity verification and fraud prevention purposes.— Excerpt from StockX's StockX Privacy Policy
REGULATORY LANDSCAPE: Collection of government-issued identification constitutes processing of sensitive personal information under the CPRA for California residents, and may qualify as special category data under GDPR Article 9 depending on what information is contained in the document. The FTC Act is also relevant given its broad unfair or deceptive practices jurisdiction over data security failures involving sensitive identifiers. Relevant enforcement authorities include the California Privacy Protection Agency, EU data protection authorities, and the FTC. GOVERNANCE EXPOSURE: High. The collection of government ID by a consumer marketplace is operationally distinct from most peer platforms and creates elevated obligations under CPRA including purpose limitation, data minimization, and the requirement to offer consumers the ability to limit use of sensitive personal information. Under GDPR, processing this category of data requires a clear lawful basis beyond legitimate interests in most interpretations, and the policy's basis assertions for this specific data type should be evaluated carefully. JURISDICTION FLAGS: California (CPRA sensitive personal information obligations), EU and UK (GDPR special category or at minimum sensitive data treatment), Illinois (potential BIPA implications if any biometric extraction occurs during ID verification), and New York (SHIELD Act data security obligations for private information including government IDs). CONTRACT AND VENDOR IMPLICATIONS: Any third-party identity verification vendors processing government IDs on behalf of StockX must be covered by appropriate data processing agreements that address retention limits, sub-processor restrictions, and security standards. Procurement teams should audit whether existing vendor agreements are sufficient for this sensitive data category and whether vendor security certifications meet applicable standards. COMPLIANCE CONSIDERATIONS: Legal teams should confirm that the lawful basis asserted for government ID processing under GDPR is documented and defensible, that data minimization principles are applied (e.g., IDs are not retained longer than verification requires), that CPRA sensitive data obligations including the right to limit use are operationally implemented, and that breach notification obligations specific to government ID data are reflected in incident response plans.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Government-issued ID is among the most sensitive categories of personal data and its collection by a consumer marketplace creates heightened security and misuse risks if not properly protected.
Sellers on StockX may be required to submit government-issued identification, meaning highly sensitive identity documents are held by a commercial platform and shared with verification service providers, creating potential exposure if that data is breached or misused.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by StockX.