Coinbase Lawsuit & The Great Biometric Privacy Debate: Risks vs. KYC Compliance

Cryptocurrency exchange courtroom scene, Coinbase sign on stand, concerned citizens in background, torn KYC documents scattered, facial geometry map & fingerprint analysis on wall, subtle dark blue hue, contrast between data privacy & security, anxious atmosphere, delicate balance weighing scale.

Coinbase, a leading crypto exchange platform, is the subject of a proposed class-action lawsuit, accused of violating Illinois’ Biometric Information Privacy Act (BIPA) by allegedly collecting and storing customers’ fingerprints and facial templates without proper permission. The lawsuit claims that the company’s mandate for customers to provide valid IDs and self-portraits for conducting Know Your Customer (KYC) protocols goes against BIPA provisions. Furthermore, the exchange reportedly failed to inform users about the purpose of the data, storage length, and disposal methods.

The legal complaint, filed by a Coinbase user in a California District Court on May 1, alleges that the exchange uses these photos to create a biometric model of the user’s face, accumulating “highly detailed geometric maps of the face” and fingerprints of thousands of Illinois residents. This information has been unlawfully accumulated and stored by the company, according to the lawsuit.

Additionally, the lawsuit accuses Coinbase’s mobile app of requiring biometric verification, such as fingerprint or facial recognition, to authenticate the user’s account access. The case argues that the company’s “collection, acquisition, storage, and use” of such information is “illegal” and exposes users to “grave and irrevocable privacy risks.”

The plaintiffs raise concerns that if Coinbase’s database containing facial geometry scans or other sensitive, proprietary biometric data is breached or exposed, users would have no means of preventing identity theft. Under BIPA, firms need to obtain user approval when collecting biometrics and provide details on the data’s purpose, storage duration, and disposal methods. The lawsuit alleges that Coinbase failed to create a written policy outlining a retention schedule and criteria for permanently disposing of biometric data.

The lawsuit seeks $5,000 in damages for each intentional BIPA violation, or $1,000 if the alleged violations were not deliberate. It also demands the payment of legal fees and court costs for the class action. Coinbase’s shares are currently trading at just over $50 per share, having risen almost 50% this year. At this time, the exchange has not made any public comment on the legal action.

While the case itself may garner significant attention, it also highlights the broader issue of biometric data privacy and the necessity for companies to comply with applicable laws and regulations. As the world increasingly relies on technology and digital security, the balance between customer privacy and security for platforms like Coinbase continues to be a delicate and contentious issue.


Sponsored ad