A class action lawsuit accuses crypto website and mobile phone application, Moonpay, of allegedly wrongly scanning users' faces when they log in, allegedly violating Illinois's biometrics privacy law.
"As part of signing up, and/or gaining access to her MoonPay account, Plaintiff was prompted to allow MoonPay to collect her facial geometry, i.e., her biometric information in order to verify her identity and ensure that she can meet the standards required by MoonPay in order to have access to the application," says the lawsuit, filed in Cook County Circuit Court.
Facial geometry scans are "unique, permanent biometric identifiers associated with each user that cannot be changed or replaced if stolen or compromised," the lawsuit states.
Moonpay never told lead plaintiff Candice Wilhelm that it was collecting or storing her biometric information, the lawsuit states.
"In fact, MoonPay made no mention of biometric information, collection of biometric information, or storage of biometric information," the suit alleges.
"Moreover, MoonPay did not inform Plaintiff in writing of the specific purpose and length of term for which her biometric information was being collected, stored, and used."
These were violations of the Illinois Biometric Privacy Act, the lawsuit alleges.
It seeks $5,000 for each intentional violation and $1,000 for each negligent violation.
The lawsuit makes Moonpay just one of many financial app operators targeted by class actions under Illinois' stringent biometrics privacy law in recent months. Payouts under such lawsuits can quickly climb to what judges and defendants alike have described as "astronomical" levels, after the Illinois Supreme Court recently ruled that the BIPA law should be interpreted to define "individual violations" as each time a company scans someone's biometric identifier over a period beginning five years before the lawsuit was filed. When multiplied across thousands or possibly millions of users, potential judgments under BIPA could spiral quickly into the many millions or even billions of dollars.
The Illinois Supreme Court has also repeatedly ruled that plaintiffs don't ever have to actually prove they were harmed by the alleged improper collection of their biometric data to make such payment claims.
Attorneys typically claim about one third of such payouts.
The plaintiffs are represented by attorney Michael L. Fradin, of Fradin Law, of Athens, Ohio, and James L. Simon, of Simon Law Co, of Chagrin Falls, Ohio.