Regulation & Policy
Share
Coinbase is facing a proposed federal class action lawsuit accusing the cryptocurrency exchange of unlawfully collecting users’ facial data without their consent, in potential violation of Illinois’ Biometric Information Privacy Act (BIPA).
Filed on May 13 in the U.S. District Court for the Northern District of Illinois, the complaint alleges that Coinbase used facial recognition tools to scan and analyze users’ facial features as part of its identity verification process—without securing the written consent required under Illinois law.
The lead plaintiffs—Scott Bernstein, Gina Greeder, and James Lonergan—claim the company not only failed to disclose its biometric data collection practices, but also didn’t publish a data retention schedule or policy, as mandated by BIPA.
According to the lawsuit, Coinbase also shared users’ biometric data with third-party vendors Jumio Corp. and Onfido without first obtaining user permission.
Security Incident
Enforcement Action
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
The plaintiffs turned to the court after Coinbase allegedly declined to arbitrate the claims. Their legal team had previously filed over 10,000 individual arbitration demands in early 2024 through the American Arbitration Association (AAA).
Coinbase responded by arguing that the claims should instead be heard in Illinois small claims court, or be subject to additional procedural steps before arbitration could proceed. However, a process arbitrator rejected those arguments, and AAA ruled in March 2025 that standard arbitration fees would apply—contrary to Coinbase’s preferred fee structure.
When Coinbase failed to pay the required filing fees, AAA closed the arbitration cases, paving the way for the plaintiffs to file suit in federal court.
The proposed class includes Illinois residents whose biometric data was allegedly collected by Coinbase over the past five years. The complaint asserts that Coinbase violated BIPA’s core requirements around informed consent, disclosure, and transparency.
The plaintiffs are seeking statutory damages of up to $5,000 per violation, as well as injunctive relief, attorneys’ fees, and interest.
Editor's Picks
UAE Stablecoins: Why They Are Built to Travel, Not Stay Local
Walid Abou Zaki
Feb 28, 2026
8 min
The Central Bank of the UAE Clearing the Noise Around Article 62
Walid Abou Zaki
Feb 25, 2026
5 min
Europe’s Crypto Purge: Did Lithuania Just Kick Out Innovation — and is the UAE the Beneficiary?
Salma Naueihed
Feb 18, 2026
7 min
Read More Articles
In the Same Space
SEC and CFTC Sign Coordination Pact to Align Crypto and Financial Market Oversight
News Desk
Mar 12, 2026
4 min
U.S. Senators Negotiate Stablecoin Rewards Compromise in Market Structure Bill
News Desk
Mar 11, 2026
4 min
US Banks Weigh Lawsuit Over Crypto Trust Charters
News Desk
Mar 10, 2026
3 min
U.S. Congress Considers Granting Crypto Exchanges Authority to Freeze Suspicious Assets
News Desk
Mar 9, 2026
4 min
