A U.S. District Court has granted Coinbase's request to temporarily suspend a lawsuit accusing the cryptocurrency exchange of violating Illinois' Biometric Information Privacy Act (BIPA). The case, filed in May, alleges that Coinbase engaged in "wholesale collection" of users' faceprints during its mandatory Know Your Customer (KYC) process and shared this biometric data with third-party authentication companies without obtaining explicit consent.
Judge Sharon Johnson Coleman of the U.S. District Court for the Northern District of Illinois Eastern Division issued the stay order, stating it would simplify issues, streamline the trial process, reduce litigation burden, and avoid unduly prejudicing the plaintiffs. The stay is pending a ruling from the U.S. Court of Appeals for the Seventh Circuit in a related case involving Nuance Communications and Charles Schwab, which could set precedent for how BIPA applies to financial services firms.
BIPA, enacted in 2008, is one of the strictest biometric privacy laws in the United States, requiring companies to obtain informed consent before collecting, storing, or sharing biometric data and providing clear data retention and destruction policies. Violations can result in damages of up to $5,000 per reckless or intentional violation and $1,000 per negligent violation.
This development occurs alongside other data security challenges for Coinbase, including a May incident where contractors in India accepted bribes to leak account information, leading to extortion attempts and additional lawsuits. The temporary halt does not dismiss the case but pauses proceedings while awaiting clarity from the appellate court, with potential significant implications for crypto exchange privacy practices and KYC processes nationwide.