Coinbase Sued by California for Mishandling Biometric Data
Coinbase is alleged to have mishandled the collection, storage, and destruction of KYC data.
- Coinbase has allegedly violated of Illinois’ Biometric Information Privacy Act (BIPA) and is being sued by the state of California
- The suit alleges that Coinbase did not receive written consent from its customers regarding the storage and destruction of its users' biometric data
Share this article
Coinbase has been sued by the state of California in violation of Illinois’ Biometric Information Privacy Act (BIPA). The popular crypto exchange is accused of “unlawful collections, obtainments, use, storage, and disclosure” of users’ biometric data, specified as fingerprints and facial images, used in KYC confirmation.
While biometric data is required for KYC, companies must disclose to customers why and for how long they will store that data. The company must also disclose how it will destroy collected biometric data, which the suit alleges Coinbase did not do.
“In fact, Coinbase made no mention of biometric information, collection of biometric information, or storage of biometric information.”
Michael Massel, the plaintiff, claims Coinbase is in direct violation of the BIPA. He seeks $5000 for each violation and another $1000 for other undisclosed violations “in the event the court finds that Coinbase’s violations of BIPA were not willful.”
The BIPA establishes that “individuals are in control of their own biometric data and prohibits private companies from collecting it” unless these companies obtain written consent from their customers. The ACLU of Illinois passed this law back in 2008 to prevent discriminatory and harmful misuse of people’s biometric data.
Past Coinbase issues
The industry has seen Coinbase in other legal struggles over the past few years.
Back in January, Coinbase settled a $50 million lawsuit with the New York Department of Financial Services for $100 million because of its weak compliance program including deficiencies in its KYC processes, its transaction monitoring system, OFAC screening and AML risk assessments.
Only six months earlier, the SEC investigated Coinbase over “at least nine” coins listed that could be classified as securities. As of May 2, 2023, Coinbase could be charged with securities violations, according to CNBC. The exchange received a Wells notice, which “typically precedes an enforcement action,” in March from the SEC.
1/ Today Coinbase received a Wells notice from the SEC focused on staking and asset listings. A Wells notice typically precedes an enforcement action.
— Brian Armstrong 🛡️ (@brian_armstrong) March 22, 2023
These previous investigations have not stopped the SEC from issuing Coinbase further subpoenas for other potential listing violations. The SEC has already requested information on the exchange’s “processes for listing assets, the classification of certain listed assets, its staking programs, and its stablecoin and yield-generating products,” the exchange’s Q1 2022 report read.