Regulation & Policy
Share
A proposed class-action lawsuit filed on May 1 in a California District Court alleges that Coinbase breached Illinois' Biometric Information Privacy Act (BIPA) by collecting and storing customer fingerprints and facial templates.
To conduct Know Your Customer (KYC) checks, Coinbase requires customers to upload pictures of a valid ID and a self-portrait. However, the lawsuit claims that this requirement violates certain provisions of BIPA, as Coinbase did not obtain users' permission to collect their biometrics or provide information about the purpose of collecting such data, how long it would be stored, and how it would be used and destroyed.
The lawsuit also alleges that Coinbase did not have a written policy establishing guidelines for the permanent destruction of biometric information, which is required by BIPA.
According to the proposed class-action lawsuit, Coinbase follows a process similar to other exchanges by scanning photographs uploaded by customers and creating a biometric template of their face. This information is used to confirm whether the self-portrait matches the face on the submitted ID.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
As a result, the exchange is alleged to have illegally collected and stored "highly detailed geometric maps of the face" and fingerprints of thousands of Illinois residents.
The lawsuit also claims that Coinbase uses biometric authentication, such as fingerprint or face scans, on its mobile app to verify users when they log into their accounts.
This puts users at significant and permanent risk of having their privacy violated. If the sensitive and proprietary biometric data is hacked, breached, or exposed, there is no way for users to protect themselves against identity theft.
The suit claims that Coinbase should have permanently destroyed this data after using it to open an account for a user, as that was its sole purpose.
Therefore, the lawsuit is demanding compensation for intentional violations of the Illinois Biometric Information Privacy Act (BIPA) at a rate of $5,000 per violation, or $1,000 if the violations were not deliberate, along with the cost of legal fees and court expenses for the class action.
Editor's Picks
UAE Stablecoins: Why They Are Built to Travel, Not Stay Local
Walid Abou Zaki
Feb 28, 2026
8 min
The Central Bank of the UAE Clearing the Noise Around Article 62
Walid Abou Zaki
Feb 25, 2026
5 min
Europe’s Crypto Purge: Did Lithuania Just Kick Out Innovation — and is the UAE the Beneficiary?
Salma Naueihed
Feb 18, 2026
7 min
Read More Articles
In the Same Space
US Banks Weigh Lawsuit Over Crypto Trust Charters
News Desk
Mar 10, 2026
3 min
U.S. Congress Considers Granting Crypto Exchanges Authority to Freeze Suspicious Assets
News Desk
Mar 9, 2026
4 min
US Federal Court Dismisses All Claims Against Binance in Anti-Terrorism Lawsuit
News Desk
Mar 9, 2026
3 min
SEC Seeks Settlement With Justin Sun in TRON Case
News Desk
Mar 6, 2026
4 min
