Coinbase Faces Class-Action Lawsuit Over Alleged Biometric Privacy Violations

The cryptocurrency exchange Coinbase is under scrutiny as it faces a class-action lawsuit in Illinois. The case alleges that the company violated the state’s Biometric Information Privacy Act (BIPA) by improperly collecting and storing users’ facial data during its identity verification process.

Allegations Against Coinbase

A group of Coinbase customers has accused the platform of using facial recognition technology without providing adequate notice or obtaining proper consent. The lawsuit, filed on May 13 in the U.S. District Court for the Northern District of Illinois, claims that Coinbase’s Know Your Customer (KYC) checks involve scanning users’ facial geometry in a manner that breaches Illinois’ biometric privacy laws.

The Verification Process in Question

According to the complaint, Coinbase required users to upload a government-issued ID along with a selfie to verify their identities. These images were reportedly processed by third-party facial recognition software. The plaintiffs allege that this process captured their biometric identifiers, including faceprints, without:

  • Providing written notice of the data collection.
  • Obtaining explicit consent from users.
  • Offering a publicly available retention schedule or guidelines for data destruction, as mandated by BIPA.

β€œAt no point during the Verification Process are Coinbase users asked to consent to the collection of their biometric information, notified that their biometric data will be collected by an unrelated third party, nor provided with any information about the process, how it works, the type of information and data collected, whether said data is stored or disclosed to other entities, or any information about the retention or destruction of their biometric information.”

Third-Party Involvement

The lawsuit further alleges that Coinbase transmitted users’ facial data to third-party vendors such as Jumio, Onfido, Au10tix, and Solaris without obtaining explicit permission. This has raised significant concerns about the platform’s handling of sensitive user information.

Potential Legal Consequences

The plaintiffs are seeking financial penalties of up to $5,000 per reckless violation or $1,000 per case of negligence. In addition to monetary damages, they are pushing for reimbursement of legal expenses and injunctive relief to prevent similar practices in the future.

More than 10,000 individuals have reportedly filed for arbitration over these alleged violations. However, Coinbase has been accused of failing to pay the required arbitration fees, leading to the dismissal of many cases.

Previous Legal Challenges and Data Breaches

This is not the first time Coinbase has faced legal action over alleged BIPA violations in Illinois. In a similar case filed in May 2023, the company was accused of collecting biometric data, including facial and fingerprint templates, through its mobile app. That lawsuit was eventually paused after a judge approved Coinbase’s motion to move the dispute into arbitration. The case was dismissed without prejudice in February 2024 after both parties agreed to drop the matter.

In addition to biometric privacy concerns, Coinbase has been under fire for a recent data breach, where customer support agents were allegedly bribed to leak user data. This incident has led to at least six related lawsuits, further intensifying scrutiny over the exchange’s handling of sensitive information.

Regulatory Challenges in Illinois and Beyond

Coinbase’s legal troubles extend beyond biometric privacy. Illinois recently dropped a separate lawsuit against the exchange concerning its staking program. This move followed similar decisions by states like Kentucky, Vermont, and South Carolina after the SEC dismissed its own case against Coinbase’s staking operations.

As the cryptocurrency industry continues to grow, issues surrounding data privacy and regulatory compliance remain critical. Investors and users should stay informed about the legal and operational practices of platforms they engage with to safeguard their personal information and investments.

Post Views: 0