Coinbase Under Fire: Class-Action Lawsuit Alleges Biometric Data Violations

Crypto Giant Faces Heat in Illinois

Hang onto your hats, folks! Coinbase, the crypto exchange that's been making waves, is now caught in a storm in Illinois. A fiery class-action lawsuit claims they've been playing fast and loose with the state's Biometric Information Privacy Act. Ouch!

Customers Cry Foul Over Facial Data Collection

A band of Coinbase users isn't holding back, accusing the platform of grabbing their facial data during ID checks like it's no big deal. They're not happy, and they're letting everyone know about it.

Lawsuit Details: No Consent, No Notice

The bombshell was dropped on May 13 in the U.S. District Court for the Northern District of Illinois. The lawsuit's a scorcher, alleging that Coinbase's Know Your Customer routine involves scanning users' faces without a peep of notice or a nod of consent. The plaintiffs are fuming, saying it's a clear violation of Illinois' biometric privacy laws.

Here's the deal: users were told to upload their ID and snap a selfie, but then Coinbase tossed that data to third-party facial recognition software. Sneaky, right?

The group's not messing around, claiming this whole setup captured their faceprints without any heads-up or a public plan on when that data would be destroyed, as required by BIPA.

"At no point during the Verification Process are Coinbase users asked to consent to the collection of their biometric information, notified that their biometric data will be collected by an unrelated third party, nor provided with any information about the process, how it works, the type of information and data collected, whether said data is stored or disclosed to other entities, or any information about the retention or destruction of their biometric information," the complaint blasts.

And get this: Coinbase was apparently passing that facial data to vendors like Jumio, Onfido, Au10tix, and Solaris without even asking nicely. No permission? No problem, they thought.

But wait, there's more! Over 10,000 folks have tried to take Coinbase to arbitration over this mess, but the exchange allegedly dodged those fees, leaving many cases in the dust.

The group's not playing around, demanding up to $5,000 per reckless violation, or $1,000 if it's just negligence, plus legal fees and a court order to stop this madness.

Coinbase? Silent as a ghost on this one. No public comments yet.

Coinbase's Troubled History with BIPA

This isn't Coinbase's first rodeo in Illinois. Remember last year when a local took them to court over collecting facial data and fingerprints through their app? That case got paused after a judge okayed Coinbase's move to arbitration. They dropped it in February this year, but the heat's still on.

And if that's not enough, Coinbase's been slammed over a data breach where customer support agents were allegedly bribed to spill user data. Six more lawsuits have piled on, putting the spotlight on how they handle our precious info.

Oh, and one more thing: Illinois just dropped a separate lawsuit against Coinbase over their staking program, following similar moves by other states after the SEC backed off. It's been a wild ride for Coinbase, and it looks like the rollercoaster's not slowing down anytime soon.