Coinbase is facing a class-action lawsuit filed by a group of Illinois residents who allege the crypto exchange illegally collected and shared their biometric data as part of its identity verification process.
The suit, brought to federal court on May 13, claims the company violated Illinois’ Biometric Information Privacy Act (BIPA) by capturing users’ facial data without proper notice or consent.
Consumer Fraud and Data Breach Charges
According to the submission, users were asked to upload a government ID and a selfie as part of the sign-up procedure. These images were then sent to third-party facial recognition tools that analyzed facial features like geometry and faceprints. However, the suit claims this was done without the consent of users, which the violates BIPA.
“At no point during the verification process are Coinbase users asked to consent to the collection of their biometric information, notified that their biometric data will be collected by an unrelated third party, nor provided with any information about the process,” the lawsuit states.
The complaint also accuses Coinbase of transmitting this data to several third-party vendors, including Jumio, Onfido, Au10tix, and Solaris, without getting permission from the parties. Further, the document reveals that over 10,000 individuals filed arbitration demands, but Coinbase’s refusal to pay the required fees led to their cases being dismissed.
As a result, the plaintiffs have charged the exchange with three claims of violating state biometric privacy laws and one for consumer fraud under the Illinois Consumer Fraud and Deceptive Business Practices Act.
They are seeking damages of $5,000 for every reckless or intentional violation, and $1,000 for each negligent one. The group has also lodged an order to stop the alleged data practices and wants Coinbase to cover its court costs.
A Privacy Time Bomb
This is not Coinbase’s first involvement in such legal troubles. In May 2023, similar action was taken over the company’s handling of facial recognition during onboarding.
Meanwhile, the exchange is also dealing with the fallout from a recent data breach in which customer support agents were allegedly bribed to leak sensitive customer information. That incident caused at least six separate class-action lawsuits between May 15 and May 16, with Coinbase being accused of negligence, poor cybersecurity measures, and a slow response.
Nanak Nihal Khalsa co-founder of Holonym, a privacy-focused identity company, said the problem is bigger than just the platform.
“The Coinbase breach proves what we’ve known all along, KYC without zero knowledge is a privacy time bomb. You can’t collect and warehouse millions of user identities without eventually becoming both a target and a liability.”
Khalsa added that users should not have to give up privacy just to access crypto services. According to the specialist, the future of identity is not in storing data but in using zero-knowledge tools that let people prove who they are without giving away personal details.
The post Coinbase Faces Lawsuit Over Unauthorized Biometric Data Collection appeared first on CryptoPotato.
