Thousands of Users Allege Unauthorized Collection of Biometric Information by Coinbase in Dramatic Legal Action
Coinbase Faces Class-Action Lawsuit Over Biometric Data Collection
In a significant development, cryptocurrency exchange Coinbase is facing a class-action lawsuit in Illinois, accusing the company of illegally gathering and sharing users' biometric data. The lawsuit, filed in the U.S. District Court for the Northern District of Illinois, alleges that Coinbase violated the Biometric Information Privacy Act (BIPA) by not informing users about the collection of their facial data.
The lawsuit, led by plaintiffs Scott Bernstein, Gina Greeder, and James Lonergan, claims that Coinbase's Know Your Customer (KYC) process collects users' facial geometry without consent. The process, the plaintiffs argue, requires users to upload a government-issued ID along with a selfie for identity verification. These images, according to the complaint, are processed by third-party facial recognition services like Jumio, Onfido, Au10tix, and Solaris, allegedly at Coinbase's direction, without user knowledge or consent.
The complaint contends that this practice captures unique facial data, considered sensitive biometric identifiers, without adhering to BIPA's requirement that companies provide advance written notice and obtain informed consent before collecting such data.
Furthermore, the plaintiffs allege that Coinbase has never made public any retention schedules or data destruction policies, in violation of BIPA's mandate that companies clearly inform users how long their biometric data will be stored and when it will be permanently deleted. The complaint adds that Coinbase is still storing this data and possibly sharing it with outside suppliers, without defined deadlines or control, putting users' sensitive biometric data at risk.
The lawsuit also points to a controversy involving over 10,000 arbitration claims that were dismissed due to Coinbase's refusal to pay arbitration fees. This move could be part of Coinbase's strategy to avoid individual arbitration, a common way for businesses to avoid expensive class-action lawsuits.
The lawsuit is seeking damages of $5,000 per willful or reckless violation, $1,000 per negligent violation, injunctive relief, and attorney fees. It also claims that Coinbase broke the Illinois Consumer Fraud and Deceptive Business Practices Act by lying to users about how their data would be used.
As of press time, Coinbase has not yet issued a formal response to the claims. This latest lawsuit follows a similar accusation against Coinbase in 2023, which was ultimately dropped after the parties agreed to send the case to arbitration. However, the current lawsuit involves tens of thousands of affected users and well-known third-party providers, leading legal experts to believe that it could set a significant precedent for how biometric data is handled in the crypto industry.
- The class-action lawsuit against Coinbase alleges that the crypto exchange violated the Biometric Information Privacy Act (BIPA) by not informing users about the collection of their facial data during the Know Your Customer (KYC) process.
- The lawsuit claims that Coinbase requires users to upload a government-issued ID along with a selfie for identity verification, which allegedly results in the collection of unique facial data by third-party facial recognition services like Jumio, Onfido, Au10tix, and Solaris.
- The plaintiffs contend that this practice captures sensitive biometric identifiers without adhering to BIPA's requirement for advance written notice and informed consent before collecting such data.
- The complaint adds that Coinbase has never made public any retention schedules or data destruction policies, which allegedly violates BIPA's mandate that companies clearly inform users how long their biometric data will be stored and when it will be permanently deleted.
- The lawsuit also claims that Coinbase's practices put users' sensitive biometric data at risk, as it is still being stored and possibly shared with outside suppliers without defined deadlines or control.
