Coinbase is currently facing a class-action lawsuit filed by Illinois residents, accusing the crypto exchange of unlawfully collecting and sharing biometric data as part of its identity verification process.
The lawsuit, filed in federal court on May 13, claims that Coinbase violated Illinois’ Biometric Information Privacy Act (BIPA) by capturing users’ facial data without obtaining proper consent or providing adequate notice.
Consumer Fraud and Data Privacy Allegations
The suit asserts that users were required to upload a government-issued ID and a selfie during sign-up. These images were then sent to third-party facial recognition tools, where facial features such as geometry and faceprints were analyzed. The plaintiffs argue that this process occurred without their knowledge or consent, in direct violation of BIPA.
The lawsuit further alleges that Coinbase transmitted this biometric data to several third-party vendors, including Jumio, Onfido, Au10tix, and Solaris, without users’ approval. It also reveals that over 10,000 arbitration demands were filed, but Coinbase’s refusal to pay the required fees led to dismissals of these cases.
As a result, the plaintiffs are seeking damages of up to $5,000 for each intentional or reckless violation and $1,000 for each negligent violation, along with an order to halt the alleged data practices and cover court costs.
Previous Legal Issues and Privacy Concerns
This isn’t Coinbase’s first brush with legal action related to privacy concerns. In May 2023, a similar lawsuit was filed over Coinbase’s handling of facial recognition during onboarding.
Coinbase is also dealing with a recent data breach incident involving customer support agents allegedly leaking sensitive customer data. This breach has led to multiple class-action lawsuits accusing Coinbase of negligence, poor cybersecurity, and slow response times.
