Regulation & Policy
Share
A proposed class-action lawsuit filed on May 1 in a California District Court alleges that Coinbase breached Illinois' Biometric Information Privacy Act (BIPA) by collecting and storing customer fingerprints and facial templates.
To conduct Know Your Customer (KYC) checks, Coinbase requires customers to upload pictures of a valid ID and a self-portrait. However, the lawsuit claims that this requirement violates certain provisions of BIPA, as Coinbase did not obtain users' permission to collect their biometrics or provide information about the purpose of collecting such data, how long it would be stored, and how it would be used and destroyed.
The lawsuit also alleges that Coinbase did not have a written policy establishing guidelines for the permanent destruction of biometric information, which is required by BIPA.
According to the proposed class-action lawsuit, Coinbase follows a process similar to other exchanges by scanning photographs uploaded by customers and creating a biometric template of their face. This information is used to confirm whether the self-portrait matches the face on the submitted ID.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
As a result, the exchange is alleged to have illegally collected and stored "highly detailed geometric maps of the face" and fingerprints of thousands of Illinois residents.
The lawsuit also claims that Coinbase uses biometric authentication, such as fingerprint or face scans, on its mobile app to verify users when they log into their accounts.
This puts users at significant and permanent risk of having their privacy violated. If the sensitive and proprietary biometric data is hacked, breached, or exposed, there is no way for users to protect themselves against identity theft.
The suit claims that Coinbase should have permanently destroyed this data after using it to open an account for a user, as that was its sole purpose.
Therefore, the lawsuit is demanding compensation for intentional violations of the Illinois Biometric Information Privacy Act (BIPA) at a rate of $5,000 per violation, or $1,000 if the violations were not deliberate, along with the cost of legal fees and court expenses for the class action.
Editor's Picks
The UAE’s Institutional Digital Assets Moment: Why Regulatory Activation Matters Now
Walid Abou Zaki
Mar 27, 2026
6 min
Bitcoin, Hashrate, and Why High Energy Prices Will Expose Mining Survivors
Walid Abou Zaki
Mar 26, 2026
7 min
UAE Stablecoins: Why They Are Built to Travel, Not Stay Local
Walid Abou Zaki
Feb 28, 2026
8 min
Read More Articles
In the Same Space
U.S. Labor Department Crypto 401(k) Rule Advances After White House Review
News Desk
Mar 26, 2026
3 min
U.S. Lawmakers Signal Support for Tokenized Securities Amid SEC Exemption Debate
News Desk
Mar 26, 2026
6 min
Indian Court Grants Bail to CoinDCX Co-Founders in Fraud Case, Citing Prima Facie Lack of Evidence
News Desk
Mar 25, 2026
4 min
CFTC launches Innovation Task Force to shape crypto and prediction market rules
News Desk
Mar 25, 2026
5 min
