Coinbase in the Spotlight: Biometric Collection Without Consent — A New Risk Zone for Crypto Exchanges
In a world where privacy is becoming an illusion, even the crypto frontier may not be as decentralized as it claims. This week, a class action lawsuit was filed against Coinbase — and it’s not about finances.
The lawsuit focuses on the collection and use of biometric data, specifically faceprints — digital facial scans obtained during identity verification (KYC). According to the plaintiffs, Coinbase collected this data without proper notification, failed to clarify how long it would be stored, who could access it, and for what purposes it was processed. Moreover, investigations suggest that some of the data may have been shared with third-party contractors without user consent.
This isn’t a case of simple legal negligence. It highlights a systemic clash between Web3 ideals and Web2 practices — where the promise of crypto anonymity breaks under regulatory pressure, and data collection tools become even more aggressive than those used by traditional banks.
Coinbase, which brands itself as a “regulated alternative to crypto chaos,” is now under fire not for its tokens, but for the procedures it should have handled with the utmost care. The faceprint scandal is a warning to the industry: if even the biggest players operate in a biometric gray zone, where is the line between security and surveillance?
While the SEC and Congress debate how to formalize the crypto market, it’s increasingly the courts that become the last defense for user rights. This lawsuit could become a precedent, reshaping how KYC and biometric data are handled across the U.S. crypto landscape.
