According to ChainCatcher, a group of Coinbase users from Illinois have filed a class-action lawsuit against the cryptocurrency exchange, alleging that its identity verification process violates the state's Biometric Information Privacy Act (BIPA).
In a lawsuit filed on May 13 in federal court, plaintiffs Scott Bernstein, Gina Greeder, and James Lonergan claim that Coinbase "massively collected" facial recognition information to meet "Know Your Customer" (KYC) requirements, violating BIPA because users were not notified.
The group alleges that Coinbase did not notify users in writing about the collection, storage, or sharing of their biometric data, nor the purpose of use and retention timeline.
They claim that "Coinbase did not publicly provide a retention schedule or guidelines for permanently destroying the plaintiffs' biometric identifiers," which violates BIPA provisions.
The lawsuit states that Coinbase requires users to verify their identity by uploading government-issued photo ID and selfies, which are then sent to third-party facial recognition software for scanning and extracting facial geometric data. This process captures biometric identifiers without obtaining users' informed written consent, the lawsuit alleges, which violates BIPA.
