Key points to remember
- Coinbase allegedly violated Illinois Biometric Information Privacy Act (BIPA) and is being sued by the State of California
- The lawsuit alleges that Coinbase failed to receive written consent from its customers regarding the storage and destruction of its users’ biometric data.
Share this article
Coinbase was sued by the State of California in violation of Illinois’ Biometric Information Privacy Act (BIPA). The popular crypto exchange is accused of “unlawful collection, obtaining, use, storage and disclosure” of users’ biometric data, specified as fingerprints and facial images, used in KYC confirmation.
Although biometric data is necessary for KYC, companies must disclose to customers why and for how long they will retain this data. The company must also disclose how it will destroy collected biometric data, which the lawsuit alleges Coinbase failed to do.
“In fact, Coinbase made no mention of biometric information, collection of biometric information, or storage of biometric information.”
Michael Massel, the plaintiff, claims that Coinbase is in direct violation of BIPA. It seeks $5,000 for each violation and an additional $1,000 for other undisclosed violations “in the event the court finds that Coinbase’s violations of BIPA were not deliberate.”
BIPA establishes that “individuals are masters of their own biometric data and prohibits private companies from collecting them” unless these companies obtain the written consent of their customers. The ACLU of Illinois passed this law in 2008 to prevent the discriminatory and harmful misuse of people’s biometric data.
Previous issues with Coinbase
The industry has seen Coinbase in other legal battles over the past few years.
Back in January, Coinbase settled a $50 million lawsuit with the New York Department of Financial Services for $100 million over weaknesses in its compliance program, including deficiencies in its KYC processes, transaction monitoring system, OFAC screening and AML risk assessments.
Just six months earlier, the SEC investigated Coinbase on “at least nine” listed coins that could be qualified as titles. Since May 2, 2023, Coinbase could be accused of security breaches, according at CNBC. The exchange received a Wells notice, which “generally precedes enforcement action,” in March from the SEC.
1/ Today, Coinbase received a Wells notice from the SEC focused on staking and asset listings. A Wells notice generally precedes an enforcement action.
— Brian Armstrong 🛡️ (@brian_armstrong) March 22, 2023
These previous investigations have not stopped the SEC from issuing further subpoenas to Coinbase for other potential listing violations. The SEC has previously requested information about the exchange’s “asset listing processes, classification of certain listed assets, staking programs, and stable and yield-generating products,” the exchange’s 2022 first quarter report. read.