FB pixel

Jumio named in BIPA lawsuit over crypto ID verification

Jumio named in BIPA lawsuit over crypto ID verification
 

Biometric identity verification provider Jumio is in legal hot water again for alleged violations of Illinois’ BIPA. This time, plaintiff Jacob Czyszczon claims Jumio collected, stored, and used his biometric data without his consent, and therefore unlawfully, when he went through a KYC process in a finance app that used Jumio’s identity verification. A class action lawsuit was filed in San Francisco federal court on March 18.

The filing, spotted by Northern California Record, says Czyszczon completed the KYC process on the Phemex crypto trading app, which used Jumio’s identity verification. He was asked to upload a picture of his state ID and a selfie. Jumio then used biometrics to compare the images and confirm Czyszczon’s identity.

As a provider for Phemex, Jumio collected and retained biometric information for the plaintiff’s account. According to the plaintiff, Jumio had no written policy establishing how long the data would be retained and when it would be destroyed after the data fulfilled its purpose or, if the data’s use is ongoing, within the last three years of the plaintiff’s interaction with Jumio.

Phemex instructed the user to complete the process without stating that Jumio was collecting or storing biometric data, according to the complaint. Jumio also allegedly violated BIPA in sharing biometric information with Phemex without the user’s consent.

Once Czyszczon’s identity was verified, the face template used should have been permanently destroyed but was instead stored, the lawsuit argues.

Plaintiffs can pursue damages of $1,000-$5,000 per violation, where each time a user scans their biometrics over the last five years counts as a violation, not just the first instance.

Jumio is also involved in a similar case for providing identity verification to Binance Capital Management. In recent developments, a U.S. federal judge accepted Binance Capital‘s motion to dismiss the case against it due to lack of jurisdiction, and rejected dismissal motions from Jumio and BAM Trading Services. The case is ongoing.

The cases continue to demonstrate that BIPA affects businesses using biometrics and technology providers alike since the law’s enactment. Jumio saw a pair of BIPA lawsuits in a similar vein including one that was filed after deploying identity verification to Binance in 2022. Jumio settled a different case in 2020, which led to the dismissal of a class action case against its client, WeWork, in 2022.

At the time of the settlement, a Jumio representative told Biometric Update that it was working with customers to keep them on the right side of the regulation. Phemex announced that it had switched to Jumio for identity verification weeks later. Phemex privacy policy explicitly states that “When you set up your Account, we may collect your biometric template.”

Jumio’s cases contrast with among more egregious alleged violations such as claims Google collected biometrics from children without parents’ consent back in 2022.

Jumio declined to comment.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

 

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat

A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second…

 

EU AI pact sets new standards for ethical AI use across Europe

By Tony Porter, Chief Privacy Officer at Corsight AI The European Union’s AI Pact marks a crucial step towards forming…

 

Deepfake detection challenge, integration to protect content integrity unveiled

A new deepfake detection competition has been announced with the intention of advancing “next-generation deepfake detection and localization systems” development….

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events