Coinbase continues to face legal problems in the United States.
Coinbase, the United States publically traded crypto exchange, faces allegations of violating Illinois biometric privacy laws by collecting and storing customer fingerprints and facial templates.
A proposed class-action lawsuit was filed on May 1st in a California District Court by a Coinbase customer, who claims the crypto exchange's practice of conducting Know Your Customer (KYC) checks are in breach of specific provisions of Illinois' Biometric Information Privacy Act (BIPA).
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Crypto Mining Pool? Is it Worth it? (Beginner-Friendly)
In particular, Coinbase user pointed out the requirement for customers to upload pictures of a valid identification document (ID) and a self-portrait.
The lawsuit emphasizes that BIPA mandates Coinbase to obtain user consent before collecting biometrics and to inform users about its purpose. In the suit, the plaintiff claims:
Coinbase had no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information.
The plaintiff alleges that Coinbase creates biometric templates of users' faces by scanning the uploaded photographs, which are then used to verify a match between the self-portrait and the picture on the submitted ID.
Thus, the filing claims that the crypto exchange has unlawfully collected and stored "thousands" of "highly detailed geometric maps of the face" and fingerprints of Illinois residents.
The alleged "collection, obtainment, storage, and use" of such data is considered "unlawful," putting users at "serious and irreversible privacy risks." The lawsuit states:
If Coinbase’s database containing facial geometry scans or other sensitive, proprietary biometric data is hacked, breached, or otherwise exposed, Coinbase users have no means by which to prevent identity theft.
The filing argues that once a Coinbase account is opened, the crypto exchange should have "permanently destroyed" the biometric data since its sole purpose was for account creation.
The lawsuit seeks damages of $5,000 per intentional BIPA violation or $1,000 if the court decides the alleged violations were not intended.
This lawsuit highlights the growing concerns surrounding the storage of biometric data, emphasizing the need for transparent policies and stringent security measures to protect users' privacy.
Crypto exchange Coinbase also faces legal actions from US Securities and Exchange Commission (SEC) over alleged securities law violations.
