I believe most crypto-related project that requires KYC from their user partnership with private companies which are good in the business online data activities to take care of the KYC aspect.
But for data selection, I don't think that will happen because the possibility of KYC is to know a certain user and to be held responsible if done something against the law.
There is risk of storing the data with any third party because they are always at the risk of hacks and if you have noticed that many times employees id are being compromised and hackers have access to users data in these private companies so you are totally vulnerable in these matters from security points of view.So share with legit sources only.