According to the class action lawsuit filed in California District Court, the exchange’s requirement to upload customer photos for Know Your Customer (KYC) identification violates the Illinois Biometric Information Privacy Act (BIPA).
This law implies that Coinbase must obtain users’ permission to collect information and specify the purpose of collecting biometric data, how long it will be stored, how it will be used, and whether Coinbase will subject it to irretrievable destruction.
“Coinbase does not have a published policy establishing a data retention schedule and principles for irretrievable destruction of biometric information,” the lawsuit states.
Plaintiff alleges that biometric authentication, namely a fingerprint or facial scan, is also used in the Coinbase mobile app to verify a user when logging into their account.
Users fear that collecting, obtaining, storing and using this data exposes them to serious risks because if the exchange database is compromised, Coinbase will not be able to prevent the leak of personal information.
The plaintiff called on Coinbase to permanently destroy users’ biometric data because that information was only meant to open an account.
In addition, the user demanded that Coinbase pay $5,000 in damages for intentional BIPA violations or $1,000 if the court finds that the alleged violations were not intentional, as well as attorney’s fees and court costs.
Recall that in February, a court dismissed a class action lawsuit by investors against Coinbase accusing the exchange of unregistered sales of securities.