Coinbase Users File Class-Action Lawsuit
A recent class-action lawsuit has been initiated by a cohort of Coinbase users in Illinois, asserting that the cryptocurrency platform’s identity verification methods infringe upon the state’s Biometric Information Privacy Act (BIPA). The lawsuit, lodged in federal court on May 13, features plaintiffs Scott Bernstein, Gina Greeder, and James Lonergan.
Allegations Against Coinbase
The plaintiffs argue that Coinbase’s extensive collection of facial data as part of its Know Your Customer (KYC) protocols contravenes BIPA guidelines due to a lack of user notification. They allege that Coinbase did not provide users with written information regarding the collection, usage, or retention periods of their biometric data, which is a requirement under BIPA.
Specifically, they point out that Coinbase doesn’t publicly disclose how long it intends to keep users’ biometric identifiers or how it plans to destroy them after use. Coinbase’s process entails users submitting a government-issued ID alongside a selfie, which is then processed by third-party facial recognition technologies to analyze and extract unique facial traits.
Concerns Over User Privacy
The lawsuit argues that this method involves capturing biometric identifiers without obtaining proper informed consent from users, thereby breaching BIPA. Furthermore, the plaintiffs assert that Coinbase has unlawfully shared users’ biometric information with third-party vendors for verification purposes, including Jumio, Onfido, Au10tix, and Solaris. The legal complaint emphasizes that Coinbase directs these third-party services to utilize its software, resulting in the collection of biometric data.
Ongoing Arbitration Issues
The lawsuit also highlights that over 10,000 other Coinbase users have sought arbitration on similar issues through the American Arbitration Association, but Coinbase has allegedly failed to cover the necessary arbitration fees, leading to the dismissal of these claims. The legal action comprises three counts of breaching Illinois biometric privacy laws, as well as one count of consumer fraud under the Illinois Consumer Fraud and Deceptive Business Practices Act.
Requested Damages
The plaintiffs are requesting damages of $5,000 for each intentional or reckless violation, $1,000 for each negligent violation, along with other forms of injunctive relief and recovery of legal expenses. This lawsuit is one of at least six that Coinbase has faced recently, following revelations on May 15 regarding incidents where some customer support staff were reportedly bribed to disclose sensitive user information.
Previous Legal Matters
In a related matter, a previous lawsuit regarding BIPA breaches by Coinbase was paused by a judge in May 2023, with the case being dismissed without prejudice on February 3 after both parties agreed to arbitration.
