• A recently filed suit in California’s District Court alleges that cryptocurrency exchange Coinbase violated Illinois‘ Biometric Information Privacy Act (BIPA) by improperly collecting and using customers‘ fingerprint and facial recognition data.
• The plaintiff is seeking $5,000 for each “intentional and reckless violation” of BIPA and an additional $1,000 for every further violation found.
• The lawsuit accuses Coinbase of collecting biometric information through KYC procedures without informing customers or obtaining written consent.
Lawsuit Filed Against Coinbase
A newly filed lawsuit alleges that crypto exchange Coinbase improperly collected, stored, and distributed customers’ biometric data. Cryptocurrency exchange Coinbase has been slapped with a lawsuit filed with a District Court in California on May 1 for violating Illinois’ Biometric Information Privacy Act (BIPA).
Repercussions Under BIPA Regulations
The suit alleges the exchange collected and improperly used its customers’ fingerprint and facial recognition data. Bloomberg reports plaintiff Michael Massel is seeking relief in the form of $5,000 in damages for each “intentional and reckless violation” of BIPA and an additional $1,000 for every violation Massel’s legal representation can find. According to Decrypt, the lawsuit accuses Coinbase of collecting biometric information through its KYC procedures and that this data was illegally obtained, used, stored, and disseminated.
BIPAs Requirements On Collecting Biometric Data
BIPA regulations require a company seeking to collect biometric data to inform a person in writing that it obtains such data and must specify the purpose and duration of the data’s storage. BIPA further requires written consent from a customer, and the company seeking to obtain such data must publish “publicly‐available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information.“
Allegations Of Improper Use Of Data
Massel’s legal team argues Coinbase does not comply with the regulations when it collects customers’ data before and after creating new accounts. The suit alleges Coinbase’s “collection, obtainment, storage, and use” of customers’ biometric data is “unlawful“and opens clients up “to serious and irreversible privacy risks.“ The legal document asserts: If Coinbase’s database containing facial geometry scans or other sensitive proprietary biometric data is hacked breached or otherwise exposed Coinbase users have no means by which to prevent identity theft.
Data To Be Destroyed After Account Creation
The lawsuit further states that the exchange should have „permanently destroyed“ such data after a customer created a Coinbase account as the information was obtained solely to create an account.