- Coinbase was sued in Illinois for collecting facial biometric data without user consent.
- Over 10,000 arbitration claims were dismissed as Coinbase allegedly avoided paying fees.
- Plaintiffs seek up to $5,000 per violation under the Illinois Biometric Information Privacy Act.
Cryptocurrency exchange Coinbase users have filed a class-action lawsuit in the U.S. District Court for the Northern District of Illinois, claiming the company violates the state’s Biometric Information Privacy Act (BIPA) requirements. According to Scott Bernstein, Gina Greeder, and James Lonergan, Coinbase requires users to submit a government-issued photo ID and a selfie, which the platform scans using third-party facial recognition software.
The lawsuit filed on May 13 states that Coinbase did not inform users of its biometric information or retention schedule before collecting, storing, and using their facial data. The plaintiffs claim that Coinbase did not notify users before collecting or processing their biometric identifiers. They also claim that Coinbase did not provide a publicly available policy detailing how long the data would be kept or how it would be destroyed, which is a specific requirement under BIPA.
Court documents state, “At no point during the verification process are Coinbase users asked to consent to the collection of their biometric information, notified that their biometric data will be collected by an unrelated third party, nor provided with any information about the process.” The suit identifies Jumio, Onfido, Au10tix, and Solaris as vendors that handled user data.
Related: Coinbase Data Breach: Brian Armstrong Offers $20 Million Bounty for Intel on Attackers
Allegations of Unconsented Data Sharing and Arbitration Issues
According to the plaintiffs, Coinbase’s third-party vendors scanned and extracted users’ facial geometry to confirm identities. The lawsuit asserts that Coinbase directed these vendors to use their software in a way that resulted in the capture of biometric data, all without explicit user permission. This lack of disclosure or consent, the plaintiffs claim, violates Illinois’ biometric privacy regulations.
The group further alleges that Coinbase shared sensitive biometric data with these verification vendors without user consent. This action, they say, breached both BIPA and the Illinois Consumer Fraud and Deceptive Business Practices Act.
The complaint also mentions that over 10,000 arbitration claims have been filed regarding these topics, but since Coinbase has reportedly not paid the required arbitration fees, many claims have been dismissed. The group also demands $5,000 in damages for every willful or reckless violation and $1,000 for every negligent violation, in addition to relief and litigation costs.
Past Privacy Lawsuits and Intensified Scrutiny on Coinbase
Moreover, Coinbase has previously encountered legal action related to privacy issues. In May 2023, a separate lawsuit accused Coinbase of violating the BIPA through its mobile app. After the judge paused the case and suggested arbitration, the defendants and the plaintiffs decided to drop the case.
Coinbase has also recently faced multiple lawsuits connected to the alleged bribery of customer support agents who leaked user data. At least six lawsuits have been filed over these breaches since the exchange disclosed the incidents on May 15. As scrutiny over the exchange’s handling of sensitive data grows, the Illinois class-action lawsuit adds new pressure to Coinbase’s compliance and privacy practices.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
