The massive personal data breach at Coupang shows that collecting everything “just in case” is the default, because users have no practical way to say no, according to an IT expert Thursday. This reflects a deeper architectural flaw in digital identity systems where data oversharing is an unavoidable outcome of how identity verification is designed, said Javed Khattak, co-founder and chief financial officer of cheqd, a payment infrastructure firm. “We don’t know the exact dataset involved, but in e-commerce it’s common to store sensitive information like full birth dates when all the company needs is an age check,” he said in an interview with The Korea Times. The pattern exists across industries. Sometimes it’s driven by regulation, but far more often it’s driven by marketing, profiling and recommendation engines, in his view. “The underlying issue is that most companies treat personal data as fuel for their business, resulting in an aim to collect as much as possible rather than to minimize. The cheapest option is simply to store everything indefinitely, even when it