Do not use xID for ...
We recommend that xID is not used for any of the following applictions:
- If law or practice follows strict requirements for safety and security, and the merchant needs to know the exact identity of the actual user logging in or signing up
- For making larger payments and transactions
- For selling data retrieved from xID without the users explicit consent
- For using data retrieved from xID in an inappropriate manner without the users explicit consent. The merchants should still follow the laws about online marketing and the use of user data.
- For letting the user access sensitive personal information or sensitive information related to his work
Note that this is a small selection of use cases, and that the merchant himself takes the risk concerning the use of xID on his websites.