Coinbase complaint calls crypto exchange's KYC procedures 'unlawful'

Quick Take

  • A complaint filed in a California District Court claims Coinbase’s biometric data collection practices relating to Know Your Customer checks broke the law.

A legal suit alleges crypto exchange Coinbase violated Illinois' biometric privacy laws through its Know Your Customer checks and related data storage.

The complaint was filed in a California District Court on May 1. It claims that Coinbase violated Illinois' Biometric Information Privacy Act (BIPA), which would have required the publicly traded U.S. exchange to gain users' permission when collecting their biometric data.

Coinbase, like other centralized exchanges, requires users to upload scans of a valid identity card and a selfie. It then uses this information to create a biometric template of a user's face, which it uses to confirm a facial match.

Claiming Coinbase's KYC compliance procedure is "unlawful," the complaint says that users would have no protection against identity theft if the centralized company's biometric data database was hacked. It also insists that the exchange should have permanently destroyed users' biometric data immediately following successful KYC checks.

Coinbase did not immediately respond to a request for comment.

Coinbase's data misuse allegations


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The complaint also claims Coinbase had to provide information as to the purpose of the collection, the length that it would be stored, how long it would be used and retained, and how it would be permanently destroyed. The filing argues that the exchange "had no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information."

The plaintiff — a Coinbase user named Michael Massel — seeks $5,000 in damages per intentional BIPA violation or $1,000 per unintentional violation.

The exchange's shares are trading at just over $50 per share, having climbed nearly 50% this year.

Coinbase's share price is down more than 6.5% on the day. Source: TradingView

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Adam is the managing editor for Europe, the Middle East and Africa. He is based in central Europe and was a managing editor and podcast host at the crypto exchange OKX's former research arm, OKX Insights. Before that, he co-founded, which he elevated into one of the leading crypto media brands at its peak as the editor-in-chief. Earlier, he served as the editor-in-chief at Before joining the blockchain and crypto industry, he worked for, and He tweets via @XBT002 and can be emailed at [email protected].


To contact the editor of this story:
Andrew Rummer at
[email protected]