Coinbase violated biometric privacy laws in Illinois through its collection and storage of customer fingerprints and facial templates, a proposed class-action lawsuit alleges.
A May 1 filing in a California District Court by a Coinbase user claimed the exchange's requirement that a customer uploads pictures of a valid ID and a self-portrait in order for the firm to conduct Know Your Customer (KYC) checks is violating certain provisions of Illinois’ Biometric Information Privacy Act (BIPA).
The lawsuit argues BIPA required Coinbase to gain permission from users when collecting their biometrics. Coinbase needed to also provide the purpose for collecting such data, how long it would be stored, how it would be used and how Coinbase would permanently destroy it.
“Coinbase had no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information,” the suit argued.
In a similar process used by other exchanges, the suit says Coinbase scans the photographs and creates a biometric template of a user’s face. It uses the information to confirm a match between the self-portrait and the face on the supplied ID.
“Thousands” of “highly detailed geometric maps of the face” and fingerprints from Illinois residents are claimed to have been illegally collected and stored by the exchange.
Biometric authentication, such as a fingerprint or face scan, is also used on Coinbase’s mobile app to verify the user when logging into their account, the suit states.
Related: Coinbase execs respond to SEC’s Wells notice in person and on video
It was alleged Coinbase’s “collection, obtainment, storage, and use” of such data is “unlawful” and exposes users “to serious and
Read more on cointelegraph.com