Biometric data collection lands Coinbase in hot water

Biometric data collection lands Coinbase in hot water
Table of Contents

Coinbase, the largest crypto exchange in the US, is facing a proposed class-action lawsuit over allegations of illegally collecting biometric data, including face templates and fingerprints of its customers, in violation of the biometric privacy law in Illinois. The lawsuit was filed in federal court in San Francisco by Michael Massel.

According to the lawsuit, Coinbase collects facial data from copies of government-issued IDs and selfies that users must provide when creating an account. The exchange also gathers fingerprint data from customers when they use fingerprint-scanning technology to log into their accounts.

Coinbase Allegedly Violated Biometric Privacy Law

The lawsuit argues that Coinbase’s actions violate the Biometric Information Privacy Act (BIPA), which requires companies to provide the purpose for collecting such data, how long it will be stored, how it will be used, and how it will be permanently destroyed.

Coinbase Allegedly Violated Biometric Privacy Law

Furthermore, it alleges that biometric authentication, such as a fingerprint or face scan, is used on Coinbase’s mobile app to verify the user when logging into their account. This, therefore, exposes users to serious and irreversible privacy risks.

Users of Coinbase have no recourse in the event that the company’s database, which contains sensitive, proprietary biometric information like facial geometry scans, is breached, compromised, or otherwise made public.

As noted by the plaintiff, Coinbase should have “permanently destroyed” biometric data after a user opened a Coinbase account, as such information was used for the sole purpose of opening the account.

The complaint also states that Coinbase did not have a written policy that established a retention schedule and guidelines for permanently destroying biometric information when the initial purpose for collecting or obtaining such biometric information has been satisfied or within three years of the individual’s last interaction with Coinbase.

Currently, the suit seeks $5,000 in damages for each intentional BIPA violation, or $1,000 if the court determines that the alleged violations were not willful. The class action also demands that Coinbase cover the costs of the court case as well as the attorneys’ fees.

However, this emphasizes the importance of clear policies and stringent security measures to safeguard users’ privacy. It highlights the need for businesses to take extra precautions to ensure the privacy and security of their customers’ data.


Follow us on Social Networks

Crypto Tutorials

Crypto Reviews