Coinbase is being sued, according to a lawsuit filed May 1, due to unlawful collection and improper use of customers' biometric data. This includes data linked to facial recognition and fingerprints collected during Know Your Customer (KYC) onboarding. This suit alleges violation of Illinois’ Biometric Information Privacy Act (BIPA). According to BIPA, a company collecting biometric data is required to inform in writing that this data is being collected, the specific purpose, and length of term to retain. According to Plaintiff Michael Massel, all data should be scheduled for deletion after collection. Further, it is claimed that information has been "...disclosed, redisclosed, or otherwise disseminated..." to third parties for the sake of profit. Those named explicitly in suit include: Jumio Corporation, Onfido, Inc., Au10tix LTD, Solaris AG, and Liquid Co., Ltd. Plaintiff is seeking $5,000 in damages for each violation of BIPA and a further $1,000 per other violations found.
Coinbase is already in hot water with the SEC to defend their position that securities are not being sold or traded on its platform via staking services; which led to a petition by Coinbase for the SEC to reply with much needed clarity on legal frameworks regarding cryptocurrency exchange. SEC Chair Gary Gensler expects cryptocurrency exchanges to formally register with the SEC, claiming that his department is in the business of litigation rather than lawmaking. Clarity on legislation remains elusive.