Allegations of Breaching Biometric Law
Coinbase is now dealing with a class action lawsuit in the United States. A group of users from Illinois has accused the cryptocurrency exchange of unlawfully collecting facial data without appropriate consent. The legal action claims Coinbase failed to comply with the state’s Biometric Information Privacy Act (BIPA), a law that governs the collection and use of personal biometric details.
The claim, filed on 13 May in a federal court, says the exchange asked new users to provide a government-issued ID and a selfie as part of its onboarding process. That image was then sent to third-party firms using facial recognition software to verify identities. However, the lawsuit alleges that customers were never clearly told what was happening with their facial data or how it would be handled.
Figure1: Coinbase (Source: BiometricUpdate.com)
Under BIPA, companies must tell individuals if they are collecting biometric details, explain how they plan to use the data, and get written permission before doing so. The users claim Coinbase did not follow any of these steps, making its process unlawful under Illinois law.
Third Parties and Lack of User Approval
According to the lawsuit, Coinbase also handed over biometric information to outside providers like Jumio, Onfido, Au10tix, and Solaris without gaining user consent. These companies specialise in identity checks using facial recognition, but the complainants argue that users were never informed their details would be shared in this way.
The legal filing also states that over 10,000 individuals attempted to resolve the matter privately through arbitration. Coinbase reportedly declined to pay the fees required for the arbitration process, causing those claims to be dismissed. This left users with limited options, ultimately prompting them to take the issue to court.
The suit includes multiple complaints: three for breaching Illinois’ biometric privacy regulations and one for alleged deceptive business conduct under the state’s consumer protection laws. The plaintiffs are seeking financial penalties of up to $5,000 per person for each deliberate breach, or $1,000 for violations caused by negligence. They’re also calling for the exchange to cover legal expenses and change how it deals with biometric information going forward.
A Growing List of Legal Woes
This isn’t the first time Coinbase has faced criticism over its use of facial data. In May last year, the company was taken to court in a similar dispute, though that case was dropped after the parties agreed to settle through arbitration.
The exchange company is also currently dealing with several other legal issues, including fallout from a recent security incident. On 15 May, Coinbase disclosed that some of its support staff had been bribed to give out private user information, prompting serious concerns about its internal safeguards.
Figure2: Coinbase (Source: Yahoo Finance)
The biometric case adds to the mounting pressure on Coinbase to clean up its privacy practices. As facial recognition becomes more common in digital identity checks, particularly in crypto platforms, companies are under greater scrutiny to manage personal data responsibly.
What seems like a simple photo verification step may raise major legal concerns if not handled properly. With this lawsuit, Coinbase could be facing both reputational damage and costly penalties if the court finds it breached privacy rules.
As the legal process unfolds, investors and users alike will be watching to see how the company responds. In the fast-moving digital economy, data protection is more than a checkbox—it’s a core part of user trust. Coinbase may need to make major adjustments if it wants to stay on the right side of the law and its customers.
The outcome of this case could set an important precedent for how crypto firms handle sensitive personal data in the future.
