UK neobank Revolut is facing a US class action lawsuit over its collection of biometric data.

Documents from a court in Illinois – first reported by local publication the Cook County Record – outline a complaint from plaintiff Tina Haralampopoulos which alleges that Revolut has been unlawfully collecting, using and storing sensitive biometric data.

The class action, filed on behalf of Haralampopoulos and other Illinois citizens, specifically refers to the bank’s mobile platform whereby users have to submit 'selfies' alongside an image of an identification card as part of a facial recognition process during the application stage.

Revolut integrates facial recognition technology into its app which can scan the images to determine whether the selfie image matches that of the identification card or drivers licence.

The court document also claims that the software can see whether the image matches other photos in its database, the biometric data of known masks, or in some instances, on information and belief, "third party and/or government databases".

The complainant says that this technology exposes consumers to "serious and irreversible" privacy risks, particularly as it is "not clear to consumers that the defendant is collecting their biometric identifies when they apply to sign up".

The class action alleges that Revolut is breaching legislation in Illinois, called the Biometric Information Privacy Act (BIPA), which was designed to regulate companies that collect and store Illinois citizens' biometrics.

"Despite this law, [the] defendant disregards consumers’ statutorily protected privacy rights and unlawfully collects, stores, and uses, their biometric data in violation of the BIPA in regards to its services," reads the document.

It says that Revolut has violated this law because it did not properly inform the plaintiff and other class members in writing of the specific purpose and length of time for which their biometric data was being collected, stored, and used, as required by the BIPA.

Additionally, it suggests that the FinTech failed to provide and make known a publicly available retention schedule and guidelines for permanently destroying biometric data, as required by the legislation.

Finally, it states that Revolut didn't receive a written release from those filing the class action to collect, capture, or otherwise obtain their biometric data.

FStech has approached Revolut for comment.

---