Coinbase Hit With Lawsuit Over Alleged Biometric Privacy Violations
The crypto exchange Coinbase is facing a class action lawsuit alleging a privacy violation in its operation. A customer accused the exchange of breaching privacy laws in Illinois in collecting and storing users’ fingerprints and facial scans.
On May 1, a Coinbase customer filed a lawsuit against the crypto exchange in a California District Court. The user stated that Coinbase harvests the uploaded copies of customers’ valid IDs and self-portraits during account opening.
Though the exchange placed the requirement to conduct Know Your Customer (KYC) checks, the user alleged that it violated privacy laws.
Lawsuit Against Crypto Exchange Coinbase
According to case filing, Coinbase allegedly violated some of Illinois’s Biometric Information Privacy Act (BIPA) provisions. The document stated that BIPA demands Coinbase to have customers’ permission before collecting their biometrics.
Related Reading: Biggest Week For Bitcoin And Crypto In 2023 Ahead: Key Events
Further, it must declare the purpose for such data collection, and the users should be aware of how long it will store such data.
The document mentioned that Coinbase has been creating, collecting, and storing many biometric details of users resident in Illinois. It cited that the data contains geometric maps of customers’ faces and fingerprints. Also, Coinbase is using biometric authentication on its mobile app to verify users when logging in to their accounts.
Further, the lawsuit argues that Coinbase has no written policy released to the public that states its data retention schedule. Also, the exchange lacks procedures for the destruction of its biometric data permanently.
The suit mentioned that Coinbase uses the same procedure as other exchanges to scan pictures and develop a biometric template for a customer’s face. Then, the exchange will use the data to match the face scan and the image on the uploaded ID before confirmation.
The complaint noted that Coinbase’s collection and storage of such users’ details pose high and irreversible privacy risks. As such, the suit seeks damages of $5,000 per intentional BIPA violation or $1,000 if the court rules that the alleged violation was unintentional. Also, the exchange will bear the attorney fees and other court costs attributed to the case.
Illinois BIPA Could Spring More Lawsuits
BIPA is a law demanding that firms, companies, and organizations obtain customers’ consent before collecting their biometric data. Also, the entities must state the length of time they will keep the collected data. However, the Illinois Biometric Information Privacy Act has sparked several lawsuits in different industries.
Most notably, in 2021, the world’s largest crypto exchange Binance faced a similar lawsuit from a user for violating the Illinois BIPA.
The customer filed the case against Binance Capital Management Co., operating as Binance BAM Trading Services, Binance.US, and Jumio Corporation.
Featured image from Coinbase, chart from TradingView.com