That’s not the problem. That data may be sold to other entities. The issuing entity in charge of creating the digital identity could sell that data to generate a profit.
How is it guaranteed that our data is safe?
It would be best that the data is deleted once the issuing entity verifies our real identity with some state document or passport
verify that it is a real person > create the digital identity > deliver the digital identity to the corresponding address > delete the data
make sure that the digital identity cannot be transferred (That it is linked to that address)