> emphasizing in some contexts that the hashes on the chain are all that technically HAVE to be retained
Even the context of the primary reason they cite for collecting retinal data (to prevent the same person from getting $50 multiple times) requires they keep this data for at least as long as they're paying people to scan their eyeballs.
Why do they need the original to prevent people to get paid multiple times? What good is the hash they're storing if the same person's retinas don't reliably produce the same hash?
I'm talking about retaining the hash, not the original eyeball data. Retaining the hash is nearly as bad as retaining the original data, so I consider them both to be roughly equivalent for this use case.
Even the context of the primary reason they cite for collecting retinal data (to prevent the same person from getting $50 multiple times) requires they keep this data for at least as long as they're paying people to scan their eyeballs.