Coinbase user Michael Massel filed a lawsuit against the company, stating that the exchange’s KYC procedures violate U.S. law.
The plaintiff argues that the platform violated the Illinois Biometric Information Privacy Act (BIPA), which requires advance consent for the collection of data.
Coinbase, like other centralized exchanges, asks users to scan a government-issued ID and a selfie to complete KYC. The company then uses this information to create a biometric facial template, which is used to verify documents.
Massel asserts that this approach puts citizens’ personal data at risk in the event of a breach. He also insists that Coinbase destroy users’ biometric data immediately after a successful verification.
According to the suit, the exchange did not have a publicly available policy setting retention periods and guidelines for the irreversible destruction of such information.
The disgruntled plaintiff also sought damages from the company of $5,000 for intentional violation of BIPA or $1,000 for unintentional conduct.
As reported on March 23, the U.S. Securities and Exchange Commission (SEC) sent a notice to the exchange regarding an investigation into the listing procedures on the platform and its products — Coinbase Prime, Coinbase Wallet and staking service Coinbase Earn.
In April, the company responded to the SEC’s allegations, stating it was prepared to ‘vigorously defend’ itself. Representatives of the exchange also noted that the regulator could suffer reputational damage from the proceedings.