.svg)
The UK fintech is facing a class action lawsuit in Illinois over alleged abuse of biometric data collection.
Revolut has been accused of violating US state Illinois' Biometric Information Privacy Act (BIPA) by failing to disclose how customers’ biometric data is collected, stored and destroyed, or secure written consent.
The case revolves around the customer onboarding process that Revolut uses.
When applying to become a customer at the fintech giant, users have to submit photographs of their ID and a selfie. Subsequently, facial recognition software is then used to ensure that the two images are the same person.
According to court documents, Revolut, who declined to comment on the case, “disregards consumers’ statutorily protected privacy rights and unlawfully collects, stores, and uses, their biometric data in violation of the BIPA”.
The new class action, which has been brought forward by plaintiff Tina Haralampopoulos in Cook County, is seeking an order declaring that Revolut’s conduct violates the BIPA, requiring the company to cease the unlawful activities discussed and awarding damages to the plaintiff and others that she is representing.
“Utilising biometric identification software, such that Defendant uses in its registration process, exposes consumers to serious and irreversible privacy risks, especially here where it is not clear to consumers that Defendant is collecting their biometric identifiers when they apply to sign up with Defendant,” the court documents says.
The class action means more bad press for the company, which has been struggling to obtain a banking licence in the UK.
For example, it was reported last year in the Financial Times that a flaw in Revolut’s payment system in the US resulted in criminals being able to steal more than $20m of its funds over several months before the company could close the loophole.
The company launched in the US in March 2020 and is headquartered in Delaware.
The BIPA is a data protection law in Illinois that was enacted in 2008 due to the “very serious need [for] protections for the citizens of Illinois when it [comes to their] biometric information.”
This was spurred by the bankruptcy of a biometrics company called Pay By Touch in late 2007. The company has provided major retailers throughout the state of Illinois with fingerprint scanners to facilitate consumer transactions.
According to the court documents, that bankruptcy was alarming to the Illinois legislature because suddenly there was a serious risk that millions of fingerprint records could now be sold, distributed or otherwise shared through the bankruptcy proceedings without adequate protections for Illinois citizens.
“The bankruptcy also highlighted the fact that most consumers who had used that company’s biometric scanners were completely unaware that the scanners were not actually transmitting data to the retailer who deployed the scanner, but rather to the now-bankrupt company, and that their unique biometric identifiers could now be sold to unknown third parties,” the court documents state.
