CEX is facing a lawsuit for allegedly violating the Illinois Biometric Privacy Act.

[CEX Facing Lawsuit for Alleged Violation of Illinois Biometric Privacy Law] A group of CEX users from Illinois has filed a class-action lawsuit against the crypto assets exchange, accusing its identification checks of violating the state’s Biometric Information Privacy Act (BIPA). Plaintiffs Scott Bernstein, Gina Greeder, and James Lonergan claimed in a complaint filed in federal court on May 13 that CEX “massively collected” facial recognition information to meet “Know Your Customer” (KYC) requirements, violating BIPA because users were not notified. The group claims that the CEX did not provide written notification to users regarding the collection, storage, or sharing of their biometric data, as well as the purposes for which the data is used and the retention schedule. “CEX has not publicly provided a retention schedule or guidelines for the permanent destruction of the plaintiff’s biometric identifiers, which violates BIPA provisions,” they claimed. The complaint states that CEX requires users to verify their identity by uploading government-issued photo identification and a selfie, which will then be sent to third-party identification software for scanning and extracting facial geometric data. This process captured biometric identifiers without obtaining the user’s informed written consent, the lawsuit claims this violates BIPA.