Coinbase faces lawsuit for allegedly violating Illinois biometric privacy law

Source: Cointelegraph
Original: (Coinbase faces lawsuit for allegedly violating Illinois biometric privacy law)

A group of Coinbase users from Illinois filed a class action lawsuit against the cryptocurrency exchange, accusing its identification verification procedures of violating the state's Biometric Information Privacy Act (BIPA).

Plaintiffs Scott Bernstein, Gina Greeder, and James Lonergan filed a lawsuit in federal court on May 13, claiming that Coinbase's "mass collection" of facial features to meet 'Know Your Customer' (KYC) requirements violated BIPA, as they did not receive relevant notifications.

The user group pointed out that Coinbase failed to provide written notice to users regarding the collection, storage, or sharing of their biometric data, as well as the purposes for data use and retention plans.

"Coinbase did not publicly provide the retention plan or guidelines for the permanent destruction of the plaintiff's biometric identifiers as required by BIPA," the complaint states.

Court documents show that Coinbase requires users to verify their identity by uploading a government-issued photo ID and a selfie, which are then sent to a third-party identification software for scanning and extracting facial geometric features.

The plaintiff claims that this process captured biometric identifiers without obtaining the user's informed written consent, violating BIPA regulations.

Furthermore, the plaintiff also claims that Coinbase shared biometric data with third-party verification providers such as Jumio, Onfido, Au10tix, and Solaris without obtaining user consent, which violated legal provisions.

"Coinbase violated [BIPA] by 'acquiring' biometric data because it explicitly instructed third-party verification providers to use its software to verify and authenticate users, including the plaintiff, while its software accomplishes this by collecting biometric data," the complaint states.

According to the plaintiff, over 10,000 individuals have submitted arbitration requests to the American Arbitration Association regarding the relevant issues, but Coinbase allegedly refused to pay the necessary arbitration fees, leading to the dismissal of these requests.

The lawsuit includes three counts of violating state biometric privacy law and one count of consumer fraud under the Illinois Consumer Fraud and Deceptive Business Practices Act.

The plaintiffs seek $5,000 in damages for each intentional or reckless violation and $1,000 for each negligent violation, while also seeking injunctive relief and reimbursement of legal fees.

Notably, Coinbase is also facing at least six lawsuits related to the bribery of some customer support agents that leaked user data, disclosed on May 15.

In May 2023, a group of Coinbase users sued the exchange with similar BIPA violation allegations.

Later, a judge allowed the lawsuit to be paused pending arbitration, and on February 3, after Coinbase and the user group agreed to withdraw the lawsuit, the case was dismissed without prejudice.

Related: Reports indicate that Galaxy Digital is seeking to tokenize shares as it goes public on NASDAQ.