The lawsuit accuses the crypto exchange of violating the Illinois Biometric Information Privacy Act
Coinbase is now facing a class-action lawsuit in Illinois over claims it mishandled users’ biometric data. The case, filed on May 13 in federal court, accuses the cryptocurrency exchange of violating the Illinois Biometric Information Privacy Act (BIPA), a state law that requires companies to get informed consent before collecting or storing biometric identifiers like fingerprints or facial scans.
The lawsuit centers on Coinbase’s identity verification process. Users are typically asked to upload a photo ID and take a selfie when creating an account. According to the plaintiffs, this process involves the collection of facial recognition data, which falls under the protections of BIPA. They argue that Coinbase did not provide clear notice or obtain proper written consent before gathering this sensitive information.
Under BIPA, companies also need to explain how biometric data will be used, how long it will be stored, and when it will be deleted. The lawsuit alleges Coinbase failed to do all of this, putting users at risk in the event of a data breach or misuse.
Coinbase has not yet commented on the case, but it’s not the first tech company to face this kind of lawsuit in Illinois. BIPA has been a source of legal trouble for several firms over the years, including Meta and Google, both of which settled similar claims for hundreds of millions of dollars.
The plaintiffs in the Coinbase case are seeking damages and a court order to stop the company from collecting biometric data without following the law. Whether the lawsuit will succeed remains to be seen, but it adds to the growing scrutiny over how tech platforms handle personal data, especially information as sensitive as facial scans.
