Coinbase sued under Biometric Information Privacy Act

It was a matter of when not if. A cryptocurrency company has been accused of violating the U.S. state of Illinois’ biometric privacy law.

A proposed class action has been filed in federal district court alleging that Coinbase has not followed the rules when it comes to collecting and using the biometric data of Illinois residents.

The case (3:23-cv-02123), filed by Michael Massel, alleges that Coinbase required biometric scans of its customers without getting their express consent or saying how their data would be managed.

According to the lawsuit, Massel, opened an account with Coinbase in 2018. Enrollment required sending an image of a state ID and a selfie that becomes a template.

The company reportedly also requires a fingerprint scan as part of creating a wallet.

Biometric data is collected every time a subscriber logs in using Coinbase’s mobile app, court documents allege. The language in the filing strongly suggests, however, that the fingerprint authentication is carried out on the user’s device, meaning that Coinbase itself does not collect fingerprint biometric data.

A number of third-party companies reportedly would see at least some biometric data. Those companies can be found in Coinbase’ privacy disclosure and include Jumio, Onfido, SolarisBank and Sift Science. Jumio and Onfido each provide selfie biometrics as part of KYC checks for user onboarding.

The company also is defending itself against an insider-trading lawsuit alleging that that executives including CEO Brian Armstrong used insider information around the time Coinbase went public.

Article Topics

biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  data privacy  |  lawsuits