A proposed class-action lawsuit filed on May 1 in a California District Court alleges that Coinbase breached Illinois biometric privacy laws by collecting and storing customer fingerprints and facial templates. The largest crypto trading platform faces a lawsuit after a user started the charges against the exchange.
User Slammed Charges Against Coinbase
The legal action was initiated by a Coinbase user who claimed the company’s KYC procedure violates specific requirements of the Biometric Information Privacy Act (BIPA) in Illinois. The procedure makes it mandatory for customers to submit images of a valid ID and a self-portrait.
Per the lawsuit, Coinbase was obligated under BIPA to obtain explicit user consent before collecting their biometric information. Furthermore, the company was required to disclose the reason for collecting such data, the duration for which it would be retained, how it would be utilized, and the method by which it would be permanently deleted.
According to the court filing, Coinbase had no publicly available written protocol outlining a retention timetable or guidelines for permanently deleting biometric data. The legal document alleges that Coinbase employs a similar procedure to other crypto exchanges wherein it scans photographs and generates a biometric profile of a customer’s face.
This information is utilized to verify the match between the self-portrait and the individual’s face on the submitted ID. Moreover, the class-action lawsuit contends that Coinbase illegally amassed and retained “thousands” of intricate facial geometric maps and fingerprints belonging to Illinois residents.
According to the suit, Coinbase’s mobile application also employs biometric authentication, such as fingerprint or facial recognition, to authenticate users while logging into their accounts. Hence, the lawsuit claimed that Coinbase’s “acquisition, retention, storage, and utilization” of such data is “illegal” and endangers customers by exposing them to significant and irreversible privacy hazards.
What The Class Action Says
The lawsuit stated that Coinbase was required to permanently erase biometric data once a user had created an account, as this data was only used to establish the account and for no other reason.
Accordingly, the complainant is pursuing compensation of $5,000 for each deliberate BIPA infringement or $1,000 if the court determines that the purported breaches were not intentional. In addition, the complainant wants Coinbase to settle the class action’s legal counsel and court expenses.
In a related development, Coinbase’s top officials, including Chief Legal Officer Paul Grewal and CEO Brian Armstrong, addressed their firm’s concerns regarding recent crypto regulatory enforcement by regulators. Grewal delivered a speech at Consensus 2023, while Armstrong appeared in a YouTube video alongside him.
Coinbase’s officials made the statements after the firm recently received a Wells notice from the United States Securities and Exchange Commission (SEC). In a video addressed to the chair and commissioners of the SEC, Grewal emphasized that Coinbase’s primary objective of adhering to regulatory requirements has always remained constant.
During the speech, Grewal contended that Coinbase’s operations have remained unchanged since its approval for listing on the Nasdaq stock exchange two years ago. Grewal attributed the SEC’s change in perspective to FTX, citing SEC Chair Gary Gensler’s statement that “I feel that we have enough authority in this space.”
In addition, he pointed out that FTX and Coinbase are entirely different entities with dissimilar business models.