A legal storm is brewing in the Prairie State as Coinbase, the prominent cryptocurrency exchange, finds itself in hot water over allegations of breaching Illinois’ Biometric Information Privacy Act (BIPA). The lawsuit, filed on May 13, 2025, by Illinois residents Scott Bernstein, Gina Greeder, and James Lonergan, claims that Coinbase’s identity verification procedures unlawfully harvest biometric data without proper user consent.
Biometric Backlash
The complaint paints a picture of widespread concern, accusing Coinbase of secretly gathering biometric identifiers through its Know Your Customer (KYC) protocols. Users are asked to upload government-issued photo IDs and selfies, which are then processed by third-party facial recognition software. This practice, the plaintiffs argue, results in the extraction of facial geometry—amounting to a collection of faceprints—without the informed written consent mandated by BIPA.
According to the plaintiffs, Coinbase is remiss in its duty to inform users in writing about the collection, storage, or sharing of their biometric data. They allege that the exchange failed to provide a clear retention schedule or destruction guidelines for this sensitive information. “Coinbase does not publicly provide a retention schedule or guidelines for permanently destroying Plaintiffs’ biometric identifiers as specified by BIPA,” the lawsuit asserts.
Further complicating matters, the plaintiffs claim that Coinbase shares this biometric data with external verification vendors such as Jumio, Onfido, Au10tix, and Solaris, again without explicit consent. This, they argue, constitutes a direct violation of BIPA.
The Ripple Effect
The implications of this lawsuit could be far-reaching. Legal experts are watching closely, noting that a successful suit could set a precedent for how biometric data is handled across the industry. “This is a critical juncture for privacy laws in the digital age,” commented Sheila Reynolds, a legal analyst specializing in tech privacy. “If the courts find in favor of the plaintiffs, it could force not just Coinbase, but the entire crypto industry, to rethink their data practices.”
Coinbase is no stranger to legal challenges. In fact, this isn’t the first time the exchange has been embroiled in BIPA-related disputes. A similar lawsuit from May 2023 was paused for arbitration and eventually dismissed in February 2024 after an agreement between the parties. That case, too, revolved around claims of unlawful biometric data collection. This follows Coinbase’s involvement in other legal battles, such as their defense of user data in a Supreme Court case against the IRS.
Adding to its legal woes, Coinbase faces at least six other lawsuits stemming from a recent scandal involving customer support agents allegedly bribed to leak user data. It’s a double whammy that raises questions about the exchange’s overall data governance, especially in light of recent controversies like the Movement Labs suspension amid a Coinbase delisting scandal.
Future Shocks?
As the legal battle unfolds, the plaintiffs are seeking damages of $5,000 per willful or reckless violation and $1,000 per negligent violation, along with injunctive relief and coverage of litigation costs. With more than 10,000 individuals reportedly filing demands for arbitration over similar grievances, the stakes are undeniably high.
The broader cryptocurrency market is watching with bated breath. The outcome of this lawsuit could influence regulatory approaches not just in Illinois, but potentially ripple out to other jurisdictions. Will Coinbase’s legal strategy hold water, or will it sink under the weight of these allegations?
As the cryptocurrency landscape continues to evolve, this case serves as a potent reminder of the delicate balancing act between innovation and privacy. The resolution of these allegations could chart a new course for how digital platforms handle user data—biometric or otherwise. For now, the industry waits, watches, and wonders: what comes next?
Source
This article is based on: Coinbase faces lawsuit over alleged breaches of Illinois biometric privacy law
Further Reading
Deepen your understanding with these related articles:
- Sam Altman’s World Crypto Project Launches in US With Eye-Scanning Orbs in 6 Cities
- ‘Huge Shift’ in crypto firms’ compliance mindset, says Elliptic co-founder
- AI-Powered Court System Is Coming to Crypto With GenLayer
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
