Coinbase Under Fire: Illinois Biometric Privacy Lawsuit Explained

Are your fingerprints and facial scans safe when using cryptocurrency exchanges like Coinbase? A recent lawsuit filed in Illinois is raising serious questions about the biometric data collected during Know Your Customer (KYC) checks. If you’re a Coinbase user in Illinois, this could directly impact you.

What’s Happening with Coinbase and the Illinois Lawsuit?

Coinbase, one of the world’s leading cryptocurrency exchanges, is facing a proposed class-action lawsuit. The core allegation? That Coinbase violated Illinois’ Biometric Information Privacy Act (BIPA) by collecting and storing users’ biometric data without proper consent. Let’s break down the key points:

• The Claim: A Coinbase user in Illinois filed a lawsuit claiming the exchange’s KYC process, which requires uploading images of a valid ID and a self-portrait, violates BIPA.
• The Core Issue: The lawsuit argues Coinbase didn’t obtain explicit consent before collecting fingerprints and facial templates.
• BIPA Requirements: Illinois’ BIPA mandates companies to inform users about the collection of biometric data, explain its purpose, storage duration, usage, and the method for its permanent destruction.

Diving Deeper: Coinbase’s KYC and Biometric Data

Why is Coinbase collecting this information in the first place? It all comes down to Know Your Customer (KYC) regulations, designed to prevent financial crimes like money laundering and terrorist financing. Here’s how biometric data fits into the process:

• KYC Checks: Coinbase, like other regulated financial institutions, needs to verify the identity of its users.
• Image Uploads: Users are typically required to upload a government-issued ID and a selfie.
• Biometric Template Creation: The lawsuit alleges Coinbase scans these images to create biometric templates of users’ faces, similar to other exchanges.
• Verification: This biometric data is used to match the selfie with the ID photo, confirming the user’s identity.
• Mobile App Authentication: The lawsuit also claims biometric authentication (face or fingerprint scans) is used for logging into the Coinbase mobile app.

The Heart of the Matter: BIPA Violations

The lawsuit specifically accuses Coinbase of failing to comply with several aspects of BIPA:

• Lack of Consent: The primary claim is that Coinbase didn’t obtain proper written consent from users before collecting their biometric data.
• Missing Policy: According to the lawsuit, Coinbase lacked a publicly available written policy outlining data retention schedules and procedures for permanently destroying biometric information.
• Storage and Usage Concerns: The suit alleges Coinbase illegally collects and stores detailed facial geometry and fingerprint data from Illinois residents.

What are the Potential Risks?

The lawsuit highlights significant privacy risks associated with the collection and storage of biometric data:

• Irreversible Privacy Risks: The complaint argues that the “collection, acquisition, storage, and use” of this data is illegal and exposes users to serious and irreversible privacy risks.
• Data Breach Concerns: A major concern is the potential for data breaches. If Coinbase’s database containing sensitive biometric data is hacked, users could face identity theft with no way to reverse the compromise of their facial or fingerprint data.

What Does the Lawsuit Seek?

The plaintiff is seeking substantial damages under BIPA:

• Damages: The lawsuit seeks $5,000 in damages for each willful BIPA violation or $1,000 for each negligent violation.
• Attorneys’ Fees and Costs: The claim also seeks payment for the class action’s attorneys’ fees and court costs.
• Data Destruction: The lawsuit implies that Coinbase should have permanently destroyed biometric data after it served its initial purpose of account creation.

Key Takeaways and Actionable Insights

This lawsuit raises important questions about how cryptocurrency exchanges handle sensitive biometric data. Here’s what you should know:

• Understanding BIPA: Illinois residents have significant legal protections regarding their biometric information.
• KYC and Privacy: While KYC is crucial for security and compliance, it’s essential that exchanges handle biometric data responsibly and transparently.
• Your Rights: If you’re a Coinbase user in Illinois, you might be part of this class-action lawsuit. Stay informed about its progress.
• Data Security: This case underscores the importance of robust data security measures for companies handling biometric information.
• Transparency is Key: Cryptocurrency exchanges should be transparent about their data collection, storage, and usage practices.

Looking Ahead

The outcome of this lawsuit could have significant implications for Coinbase and other cryptocurrency platforms operating in Illinois. It could set a precedent for how biometric data is handled in the context of KYC checks and potentially lead to stricter regulations and greater user awareness of their privacy rights.

This case serves as a reminder of the ongoing tension between security measures and individual privacy in the digital age. As the legal landscape around biometric data evolves, it’s crucial for both users and companies to understand their rights and responsibilities.