Anthropic's Privacy Policy Update Clarifies Identity Verification and Data Sharing

iconChainthink
Share
AI summary iconSummary

image

Anthropic announced a privacy policy update on June 8, with the new version taking effect on July 8 for individual users of Claude Free, Pro, and Max. Following the announcement, Chinese tech and community circles rapidly disseminated the news, with mainstream narratives focusing on two key points:

After comparing the original text of the new policy, the previous version (dated September 28, 2025), and Anthropic’s official update summary point by point, we found that most of the conclusions in this narrative do not align with the actual policy text.

Myth #1: Identity verification with facial recognition was an old process from April, not a new policy in July.

Treating identity verification as a "sudden new policy" on July 8 is the most common misconception in the current spread chain.

The fact is that Anthropic enabled the identity verification mechanism on the Claude platform on April 14, 2026. The following day, the official website's help center officially launched the "Identity Verification" policy page.

According to reports from V2EX, East Money, and 36Kr at the time, users triggering verification were required to submit government-issued physical identification documents (passport, driver’s license, or ID card) through the third-party compliance service provider Persona and complete a real-time facial liveness detection via camera. East Money’s Wealth Account platform noted that those affected were primarily users subscribed to Max’s highest paid tier, frequent users, or accounts flagged by the risk control system as potentially suspicious, with some developers having their accounts suspended due to AI misidentification.

In other words, the issue of “whether to submit identification documents” already occurred two months ago and had previously triggered a backlash from developers. The privacy policy update on July 8 did not introduce this action anew; rather, it formally incorporated the existing verification mechanism’s data collection practices into the privacy policy text—the newly added “Verification Data” section explicitly lists the data to be collected:

Government-issued identification documents, including the document number and date of birth printed on them, photographic or video portraits, facial geometry templates (classified as biometric data in certain jurisdictions), and the verification results themselves.

Misinterpreting "policy document retroactive registration" as "mechanism suddenly launched" completely distorts the timeline.

image

Myth #2: "Opening data to law enforcement" is unfounded; a word-for-word comparison of the new and old terms shows no substantive tightening.

The most impactful and most in need of correction in the chain of dissemination is the claim that "the new rules lower the threshold for disclosing user data to law enforcement." Some Chinese paraphrases suggest that the previous version required disclosure only when "legally mandated," while the new version relaxes this to allow disclosure whenever Anthropic has a "good faith belief."

We also couldn't find the source of this comparison framework in Claude's original text.

Section 3 of the new version states: Anthropic may share data with government agencies, law enforcement, or third parties in good-faith belief that such disclosure is reasonably necessary, based on available information, for four categories of situations:

Comply with legal requirements or legal procedures (including responding to enforceable government requests), prevent serious harm to persons or property, detect and prevent fraud or illegal activities, enforce terms, and protect the rights, safety, and interests of Anthropic, its users, and others.

The key is how the previous version (dated September 28) was worded. Section 3 of the previous version also permitted disclosure when deemed necessary to protect your or others’ health and safety, prevent fraud or credit risk, or enforce legal rights, and it similarly included provisions for disclosing data to government regulators “as required by law” or to assist in investigations. In other words, the previous version never restricted disclosure solely to cases where legally mandated—it always allowed Anthropic discretion to disclose based on its own judgment.

The result of the character-by-character comparison is:

The new version rewrites this section in a more structured manner, explicitly identifying "law enforcement authorities" and incorporating the qualifier "good faith belief." The four scenarios are now clearly itemized. From a legal standpoint, "good faith belief" serves as a limiting standard requiring善意依据, not a lowered threshold. More precise wording does not equate to a lower bar. Anthropic’s official update summary characterizes this change merely as "clarifying when data may be shared with third parties."

image

Another fact in the opposite direction can help correct this misinterpretation.

In August 2025, the U.S. District Court for the Northern District of California ruled in the copyright case brought by Universal Music Group and other publishers against Anthropic that Anthropic was not required to provide publishers with user personal information. According to Intellectual Property Finance, citing Bloomberg, the judge found that linking conversation content to specific users lacked sufficient grounds and would unduly infringe on third-party privacy interests. In that case, Anthropic took the position of refusing to hand over user data, illustrating that the operation of “good faith belief” standards in practice is far more complex than the simplistic notion of “opening data to law enforcement.”

Regarding the specific claim that "biometric data is not stored on Anthropic's servers and is processed by Persona," this statement appears in Chinese media paraphrases but is not present in the official updated policy. It cannot be verified from primary sources and should be treated as unconfirmed.

What the policy actually changed: The data flow for Agent tasks was written into the text for the first time.

Removing the exaggerations, the true substantive addition in the new policy is the explicit specification of data flows when Claude performs multi-step tasks and connects to third-party applications—exactly the area that the previous version barely addressed.

The updated Section 1 and Section 3 state that when users connect to third-party services or instruct Claude to perform tasks on their behalf (such as reading files, sending messages, or retrieving information), Claude will directly send the user’s input, output, and instructions to the third-party service, which will handle this data according to its own privacy policy; Claude will also retrieve content from the third-party service, and this content will then become part of the user’s input. Some integrations will maintain access permissions until the user actively disconnects.

This updates the compliance foundation for the agent-based product format. When the previous privacy policy was written, Claude was primarily a question-and-answer conversational tool; the new version addresses a new question: how data flows between you, Anthropic, and third parties when AI performs actions across multiple external applications on your behalf. The updated policy also notes that as agent tasks grow more complex, the scope of verification scenarios may continue to expand. For users heavily reliant on connectors and Claude Code workflows, this point is more significant than “whether to submit your ID”—your data footprint will expand alongside Claude’s agent capabilities.

In addition to the Agent data flow and verification data, the new version adds a section on "Research Participation Data"—data collected when users participate in Anthropic’s surveys and interviews—and provides greater detail on the legal basis for marketing recommendations and data processing. In the update summary, Anthropic reiterates three unchanged commitments: never selling user data, keeping Claude ad-free, and allowing users to control whether their conversations are used for model training.

Place this update in context: it is more of a compliance review to align policy language with existing product features, rather than an active tightening of user privacy.

The high热度 in the Chinese community stems partly from mixing old news from April, standard industry terms, and genuine new additions. For ordinary users, the real risk of account suspension comes from violating terms of use or being flagged by risk controls—this risk existed in April and has not been heightened by this update. Concerns that “chat logs may be arbitrarily handed over to police” are significantly exaggerated, as both the original text and the California ruling clearly indicate.

Note: This article was written by Claude itself and is more persuasive than media reports that paraphrase it.

Reference link:

Anthropic's New Privacy Policy:

https://www.anthropic.com/legal/privacy

Author: Claude, Shenchao TechFlow

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.