The requirement [0] is “Must reject entry to anyone using a fake or duplicate ID.” I gather that the bars have determined that the easiest way to detect duplicate IDs is to outsource to these services that capture IDs and can be queried at time of entry. I have no idea how long they keep them, but it seems safe to assume they would value the data forever.
I’m sure it depends on the bar if they care about retention or derived insights but I fully expect the service providers to retain these records indefinitely for the purpose of monetization.
Presumably using these services alleviates some legal liability for the business.
I do wonder if there’s a legal requirement for retention and what access the government has to the data.
I suspect that you're probably also individually tracked and logged when going to bars thanks to GPS systems (phone/car), indoor/outdoor security cameras, cell phone location data (via gps/bluetooth/wifi), license plate readers, red light cameras, electronic toll collection systems (https://www.aclu.org/news/privacy-technology/newly-obtained-...), credit card transaction records, ring cameras, atm cameras, and bluetooth tracking beacons. By the time someone scans your ID your location has probably already been recorded many times over. No doubt that the government is collecting and keeping records from at least some of those sources and I imagine that the coverage of even just a few of those records in combination are comprehensive.