Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
The UK fintech giant Revolut is now facing a class action lawsuit in the US state of Illinois. The lawsuit alleges that the company has been unlawfully collecting, storing, and using its users’ biometric data.
In order to use Revolut’s app, users need to create and verify their account. In order to do this, they must submit a photograph of their ID, as well as a selfie, in order for Revolut to then use its facial recognition software and ensure that the person in the selfie is the same one as on the ID.
However, a court document first reported by the Cook County Record shows that the plaintiff who sued the company, Tina Haralampopoulos, claims that the company has violated the state’s Biometric Information Privacy Act (BIPA).
How did Revolut violate BIPA?
According to the plaintiff, the company did not disclose how the biometric data provided by the app users is collected, stored, and destroyed. Since it failed to notify users of the matter, it also did not receive their consent to collect, store, and use this data.
Furthermore, the lawsuit alleges that Revolut did not disclose the participation of any third parties in the process. According to the document, “Utilizing biometric identification software, such that Defendant uses in its registration process, exposes consumers to serious and irreversible privacy risks, especially here where it is not clear to consumers that Defendant is collecting their biometric identifiers when they apply to sign up with Defendant.”
Haralampopoulos now seeks an order declaring that the company’s conduct violates BIPA, and if it turns out that this is true, that Revolut stops collecting the data. In addition to that, the plaintiff also seeks the award of damages.
According to some assessments, the company could be facing millions of dollars in damages for the violation. While the data is believed to eventually be destroyed, the company seemingly did fail to inform the users of the use of the biometric data or the extent of time it will have it stored within its systems prior to its destruction.
How much will Revolut have to pay?
According to BIPA rules, a company that violates the act has to pay damages of up to $5,000 per every violation in the past five years. Given Revolut’s size and the popularity of its app, the company would have to pay several millions worth of damages should the lawsuit be successful.
Facebook saw a similar situation back in 2021 when the company had to pay over $650 million in damages for breaching BIPA rules. At the time, it was described as one lf the largest settlements for privacy violations in history. Google was facing a similar lawsuit in the past, but it was ultimately dismissed.
Now that Revolut faces the same situation, it is unknown whether or not the company will be found in violation of the law. If so, it will have to pay millions, which would mark another heavy blow, especially after the firm recently lost $20 million to a cyberattack.
