Coinbase complaint calls crypto exchange's KYC procedures 'unlawful'

A legal suit alleges crypto exchange Coinbase violated Illinois' biometric privacy laws through its Know Your Customer checks and related data storage.

The complaint was filed in a California District Court on May 1. It claims that Coinbase violated Illinois' Biometric Information Privacy Act (BIPA), which would have required the publicly traded U.S. exchange to gain users' permission when collecting their biometric data.

Coinbase, like other centralized exchanges, requires users to upload scans of a valid identity card and a selfie. It then uses this information to create a biometric template of a user's face, which it uses to confirm a facial match.

Claiming Coinbase's KYC compliance procedure is "unlawful," the complaint says that users would have no protection against identity theft if the centralized company's biometric data database was hacked. It also insists that the exchange should have permanently destroyed users' biometric data immediately following successful KYC checks.

Coinbase did not immediately respond to a request for comment.

Coinbase's data misuse allegations

The complaint also claims Coinbase had to provide information as to the purpose of the collection, the length that it would be stored, how long it would be used and retained, and how it would be permanently destroyed. The filing argues that the exchange "had no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information."

The plaintiff — a Coinbase user named Michael Massel — seeks $5,000 in damages per intentional BIPA violation or $1,000 per unintentional violation.

The exchange's shares are trading at just over $50 per share, having climbed nearly 50% this year.

Coinbase's share price is down more than 6.5% on the day. Source: TradingView