A class-action lawsuit has been filed against Coinbase by a group of users from Illinois, alleging that the popular crypto exchange's identity verification process violates the state's Biometric Information Privacy Act (BIPA). The plaintiffs, Scott Bernstein, Gina Greeder, and James Lonergan, claim that Coinbase's collection of faceprints for its Know Your Customer (KYC) requirements breaches BIPA as users were not properly notified.

According to the lawsuit filed on May 13 in a federal court, Coinbase allegedly failed to inform users in writing about the collection, storage, or sharing of their biometric data, as well as the purpose and retention schedule for such data. The group contends that Coinbase does not provide a retention schedule or guidelines for destroying biometric identifiers as required by BIPA.

The complaint highlights that Coinbase's ID verification process involves users uploading a government-issued photo ID and a selfie, which is then scanned and analyzed by a third-party facial recognition software to extract facial geometry. The lawsuit argues that this process captures biometric identifiers without users' informed written consent, thus violating BIPA.

Moreover, the plaintiffs claim that Coinbase unlawfully shared biometric data with third-party verification vendors such as Jumio, Onfido, Au10tix, and Solaris without users' consent. The lawsuit alleges that Coinbase directed these third parties to use its software to collect biometric data for user verification, further breaching BIPA.

The group asserts that over 10,000 individuals have demanded arbitration over these issues with the American Arbitration Association, but Coinbase allegedly refused to pay the required fees, leading to the dismissal of these demands.

The lawsuit brings forward three claims of violating state biometric privacy laws and one for consumer fraud under the Illinois Consumer Fraud and Deceptive Business Practices Act. The group is seeking relief of $5,000 per willful or reckless violation found, $1,000 per negligent violation found, along with injunctive relief and litigation costs.

This is not the first time Coinbase has faced such allegations. In May 2023, a similar lawsuit was filed by another group of users, which was later sent to arbitration. The lawsuit was eventually dismissed after Coinbase and the users agreed to drop the action.

Coinbase has recently been embroiled in multiple legal challenges, including allegations that some customer support agents were bribed to leak users' data. The outcome of these legal battles will likely have significant implications for the future operations of the cryptocurrency exchange.

Source: https://cointelegraph.com/news/coinbase-sued-alleged-breaches-illinois-biometric-privacy-law?utm_source=rss_feed&utm_medium=rss%3F&utm_campaign=rss_partner_inbound