A recent lawsuit filed against cryptocurrency exchange Coinbase raises concerns about the improper collection, storage, and distribution of customers’ biometric data, including fingerprint and facial recognition information. Filed on May 1st with a District Court in California, the lawsuit accuses Coinbase of violating Illinois’ Biometric Information Privacy Act (BIPA). Plaintiff Michael Massel claims that the exchange’s practices resulted in privacy risks for its users and is seeking $5,000 in damages for each act of alleged violation, plus an additional $1,000 for every instance uncovered by his legal team.
The crux of the situation revolves around Coinbase’s Know Your Customer (KYC) procedures, through which the platform collects users’ biometric data. The lawsuit contends that this data was illegally obtained, used, stored, and disseminated, as the company allegedly did not inform customers in writing about the collection of such data or obtain their written consent. BIPA regulations stipulate that companies must inform individuals in writing and specify the purpose and duration of the data storage. Additionally, these companies must have publicly available written retention schedules and guidelines for destroying biometric identifiers and information.
Coinbase’s reported non-compliance with BIPA regulations during account creation raises questions about the vulnerability of users’ biometric data. The lawsuit argues that this non-compliance exposes clients to significant and irreversible privacy risks. When a company’s database containing sensitive biometric data is hacked, breached, or exposed, affected users have no means of preventing identity theft.
The lawsuit brings to light the growing conversation surrounding data privacy in the crypto world, as the industry continues to undergo expansion and increased adoption. If proven true, Coinbase’s alleged mishandling of biometric data could set a precedent for strict regulations and penalties for violating privacy laws. Conversely, it is important not to jump to conclusions without understanding the full context behind the lawsuit and the claims made.
Ultimately, the case highlights the need for crypto exchanges and other businesses dealing with sensitive personal information to prioritize data privacy, adhere to stringent security protocols, and ensure compliance with regulatory frameworks. This will not only protect their users but also foster trust within the crypto community.