A lawsuit filed in the District Court of California alleged that Coinbase’s biometric data collection practices regarding KYC audits violated the law.
The lawsuit, filed in California District Court on May 1, 2023, alleges that Coinbase violated Illinois’ Biometric Information Privacy Act (BIPA). According to the complaint, Coinbase was required to obtain users’ consent when collecting biometric data.
No Statement by Coinbase Yet
Coinbase, like other centralized exchanges, requires users to scan a valid ID card and upload a selfie. It then records this information to confirm the face match and to create a biometric template of the user’s face.
Claiming that Coinbase’s KYC compliance procedure is illegal, the complaint says users will have no protection against identity theft if the company’s biometric database is hacked. It also insists that the exchange must permanently destroy users’ biometric data immediately after successful KYC checks.
However, Coinbase is expected to provide information on the purpose of collecting the data, how long it will store, how long it will be used, and how it will be permanently destroyed.
The filing argues that the exchange does not have a publicly written policy that sets a retention program and guidelines for the permanent destruction of biometric information.
Plaintiff Michael Massel seeks damages of $5,000 per willful BIPA violation or $1,000 per unintentional violation.