Cryptocurrency exchange Coinbase has recently faced accusations of wrongfully profiting from its users’ facial and fingerprint scans. A proposed class action lawsuit alleges that the Nasdaq-listed company has violated Illinois’ biometric privacy law by collecting face templates and fingerprints of its customers without their consent. The lawsuit raises concerns about the company’s data collection activities and the potential consequences for users.
Coinbase’s user verification process requires customers to upload a government ID and a selfie, as well as set up biometric authentication (fingerprint scan) for mobile app login. The lawsuit claims that the company collects, stores, and uses users’ biometric data to enhance its platform, and further suggests that this process benefits Coinbase at the expense of its users’ privacy.
The issue of biometric data security is particularly sensitive, as facial geometry and fingerprint scans are permanent, unique identifiers that pose substantial risks if stolen or compromised. Given the irreversible nature of this information, the alleged unauthorized collection, storage, and use of biometric data exposes users to serious privacy threats.
According to Illinois’ Biometric Information Privacy Act (BIPA), companies must obtain consent before collecting biometric data such as facial scans or fingerprints and inform users about data retention periods. The recent lawsuit alleges that Coinbase has created, collected, and stored face templates and fingerprints of thousands of Illinois residents without their consent, contravening BIPA’s requirements.
The case against Coinbase highlights a broader issue in the crypto industry, as data privacy and security concerns have emerged as significant challenges. Industry players must find a delicate balance between adhering to regulatory requirements and safeguarding user data. Companies that fail to do so may face legal consequences and damage to their reputation.
In conclusion, the accusations against Coinbase raise serious questions about the company’s use of biometric data and its compliance with regulations. While the benefits of enhanced security and user verification are clear, these practices must not put users’ privacy at risk. It is crucial for companies in the crypto industry to navigate these issues responsibly and transparently, striving for a balance that respects both regulatory demands and users’ data privacy rights.