Domestic law and policy
Domestic law and policy regarding digital identity exist on a state-by-state basis in the United States. No such movement towards digital ID exists in Guam. While the U.S. Congress is currently considering a Digital ID law, that law is in the very early stages of the legislative process.[6] While a biometric fingerprint system exists for the issuance of firearms identification cards, no steps towards establishing a framework for digital ID have been undertaken in Guam.[7]
Data Protection
The United States currently does not have a comprehensive data protection and privacy law at the federal level. The law directs certain industries, such as healthcare providers under the Health Insurance Portability and Accountability Act (HIPAA) and financial institutions under the Gramm-Leach-Bliley Act (GLBA), on how to use and protect sensitive data.[8] Under the Children’s Online Privacy Protection Act, industries must limit the collection of data from children under the age of 13 and obtain guardian or parental consent before obtaining those children's personal information.[9]
Comprehensive data protection and privacy laws exist on a state-by-state basis, the most notable being the California Consumer Privacy Act (2018) (CCPA).[10] The law grants California residents a number of rights, including the right to know about the personal information collected and used, the right to delete personal information, the right to opt out of the sale or sharing of personal information,[11] the right to non-discrimination for exercising their CCPA rights, the right to correct inaccurate personal information, and the right to limit the use and disclosure of sensitive personal information. Businesses under the CCPA must respond to consumer requests to exercise the rights listed and provide notice of their privacy practices.[12] Under the CCPA, sensitive personal information includes biometric data.[13] While not directly pertaining to digital ID, these laws impose mandates on businesses that may in the future inform how laws on digital ID are made. Note that the laws above generally do not apply to government entities. As these laws do not distinguish between data subjects by nationality or citizenship status, they also apply to stateless persons, refugees, and migrants.
No digital ID and data protection law akin to the CCPA exists for Guam. Guam’s Data Breach Notification Law (2022) requires that agencies, businesses and organizations notify affected parties in the event of a data breach of personal information such as social security numbers, driver’s license numbers or Guam identification cards, and financial account numbers.[14]
International Commitments
While the United States is not a party to any international framework, agreement, or treaty that obligates it to conduct itself in a certain way regarding digital IDs, it is a member of a number of organizations studying the best path forward regarding digital IDs. As a member of the OECD, the United States was a party to a G7 Mapping Exercise of Digital Identity Approaches to inform discussions within the G7 Digital and Technology Working Group.[15] The United States also plays a role in shaping standards in the private sector, including for digital ID, through the National Institute of Standards and Technology and the documents it releases to shape industry standards.[16]
The United States does not currently violate any obligations through the implementation of the Digital ID system.