tl;dr
Coinbase faces a class-action lawsuit filed by Illinois residents alleging the crypto exchange illegally collected and shared biometric data during identity verification, violating Illinois’ Biometric Information Privacy Act (BIPA). The suit claims Coinbase collected facial data without user consent...
Coinbase is under fire from a class-action lawsuit filed by Illinois residents, who claim the crypto exchange unlawfully collected and shared their biometric data, violating the state's Biometric Information Privacy Act (BIPA). The complaint alleges Coinbase captured facial data during identity verification without user consent and shared it with third-party vendors such as Jumio, Onfido, Au10tix, and Solaris.
Users were reportedly required to upload a government ID and a selfie, which were analyzed by facial recognition software without proper notice or consent. Despite over 10,000 arbitration demands filed by affected users, Coinbase’s refusal to pay necessary fees led to dismissal of those cases. Plaintiffs seek damages of $5,000 for each reckless violation and $1,000 for each negligent violation, along with an injunction to halt these data practices and coverage of court costs.
This legal battle is not new territory for Coinbase, which faced similar lawsuits in May 2023 related to facial recognition during onboarding. Additionally, Coinbase is embroiled in fallout from a recent data breach where customer service agents were allegedly bribed to leak sensitive information, sparking multiple class-action suits accusing the company of negligence and insufficient cybersecurity.
Nanak Nihal Khalsa, co-founder of Holonym, a privacy-centric identity firm, emphasizes the broader implications beyond Coinbase: “KYC without zero knowledge is a privacy time bomb.” Khalsa advocates for zero-knowledge tools that verify identities without exposing personal data, positing that true privacy requires moving away from data warehousing and towards revolutionary privacy solutions.