What is the Mercari biometric data lawsuit about?

The Mercari lawsuit alleges that the online marketplace collected facial biometric data (facial geometry scans) from Illinois users during its identity verification process without providing proper written notice or obtaining written consent as required by the Illinois Biometric Information Privacy Act (BIPA). When users uploaded a selfie and government ID to verify their Mercari account, the verification technology allegedly scanned and mapped their facial geometry without meeting BIPA's disclosure requirements.

Who is eligible for the Mercari BIPA lawsuit?

You may be eligible if you are an Illinois resident who uploaded a photo of your government-issued ID and a selfie to verify your identity on Mercari at any time within the last five years. This includes both buyers and sellers who went through the identity verification process on the Mercari app or website.

How much could I get from the Mercari lawsuit?

Under BIPA, individuals can recover statutory damages of $1,000 per negligent violation or $5,000 per intentional or reckless violation. The exact amount each person could receive depends on how the case resolves. There is no settlement fund or guaranteed payout at this time because the case is still in the investigation and arbitration stage.

Is the Mercari lawsuit a class action?

No. The Mercari BIPA case is being pursued through individual arbitration claims, not a traditional class action lawsuit. Mass arbitration is a legal process where many individuals file separate arbitration claims against the same company over the same issue at the same time. Each person's claim is handled individually.

Is there a Mercari settlement or claim form available?

No. There is no settlement, no settlement fund, and no claim form available at this time. The Mercari BIPA investigation is still in its early stages. Individual arbitration claims are being pursued, but no resolution has been reached yet.

What is BIPA and how does it protect Illinois residents?

The Illinois Biometric Information Privacy Act (BIPA) is a state law enacted in 2008 that regulates how private companies collect, store, and use biometric data such as fingerprints, facial geometry scans, iris scans, and voiceprints. BIPA requires companies to provide written notice about the collection, explain the purpose and retention period, and obtain written consent before collecting biometric data. Illinois is the only state where private citizens can sue companies directly for BIPA violations.

What other companies have been sued under BIPA for facial scans?

Numerous major companies have faced BIPA lawsuits for collecting facial biometric data. Notable settlements include Facebook ($650 million), Google ($100 million), TikTok ($92 million), Snapchat ($35 million), and Clearview AI ($51.75 million). Third-party identity verification vendors like Jumio have also been sued separately for BIPA violations related to facial geometry scans performed during identity verification processes.

Mercari Facial Scan Lawsuit — Illinois Users May Be Owed $1,000+ for Biometric Data Collection

Q: What is facial geometry data and why does it matter?

Facial geometry data is a mathematical map of the unique features of your face — including the distance between your eyes, the shape of your jawline, the contour of your cheekbones, and other measurements. Unlike a password, you cannot change your facial geometry if it is compromised. This is why BIPA treats biometric identifiers like facial geometry scans with special protection.

Q: How does Mercari's identity verification process work?

Mercari asks users to verify their identity by uploading a photo of their government-issued ID (such as a driver's license or passport) and taking a real-time selfie through the app. The selfie is then compared to the photo on the ID using facial recognition technology provided by a third-party verification vendor. The process captures and analyzes the user's facial geometry to confirm the person holding the ID is the same person in the selfie.

Q: What is mass arbitration and how is it different from a class action?

Mass arbitration is a legal strategy where hundreds or thousands of individuals file separate arbitration claims against the same company at the same time over the same issue. Unlike a class action, each person's claim is handled individually rather than grouped into one lawsuit. Companies often include mandatory arbitration clauses in their terms of service that prevent class actions, so mass arbitration is a way for large groups of consumers to still pursue their claims.

Mercari BIPA Biometric Data Facial Scan Lawsuit - Illinois Users

Steve Levine | Published: February 19, 2026

Status: No Class Actions - Individual Arbitration Claims Being Pursued

Potential Award: $1,000 – $5,000 Per Violation Under Illinois BIPA

Who Qualifies: Potentially - Illinois Residents Who Verified Their Identity on Mercari

If you are an Illinois resident who uploaded a selfie and a photo of your government-issued ID to verify your identity on Mercari, your biometric privacy rights may have been violated. Attorneys are pursuing individual arbitration claims against the popular online marketplace for allegedly collecting facial biometric data — specifically, scans of facial geometry — from Illinois users without providing the written notice or obtaining the written consent required under the Illinois Biometric Information Privacy Act (BIPA).

This is not a class action lawsuit. It is a mass arbitration, which is a legal process where many individuals file separate arbitration claims against the same company at the same time. There is no settlement fund, no claim form, and no payout timeline at this stage. The investigation is active, and claims are being filed on behalf of qualifying Illinois residents.

Under Illinois BIPA, individuals whose biometric data was collected without proper consent can recover statutory damages of $1,000 per negligent violation or $5,000 per intentional or reckless violation, plus reasonable attorney fees and costs.

What Did Mercari Allegedly Do Wrong?

Mercari is an online marketplace where people buy and sell items like clothing, electronics, collectibles, and household goods. To use certain features on the platform — including making purchases above certain thresholds, accessing instant payments, selling authenticated items, or simply messaging a seller — Mercari requires users to verify their identity.

The verification process asks users to upload a photo of their government-issued ID (such as a driver's license or passport) and then take a real-time selfie through the Mercari app. The selfie is compared to the photo on the ID using facial recognition technology powered by a third-party identity verification vendor. During this comparison, the technology allegedly captures and analyzes the user's facial geometry — a detailed mathematical map of unique facial features like the distance between the eyes, the shape of the jawline, the contour of the cheekbones, and other biometric measurements.

The allegation is that Mercari collected these facial geometry scans from Illinois users without first doing what BIPA requires: informing users in writing that their biometric data was being collected, explaining the purpose of the collection and how long the data would be stored, and obtaining the user's written consent before capturing the data. The investigation also alleges that Mercari failed to publish a publicly available data retention and destruction policy for biometric data, as BIPA requires.

What Is Facial Geometry Data and Why Does It Matter?

Facial geometry data is not just a photograph. It is a mathematical representation of the unique physical characteristics of your face. When identity verification software analyzes a selfie, it measures specific features — the spacing of your eyes, the width of your nose, the angle of your jaw, the depth of your eye sockets, the shape of your cheekbones — and creates a numerical "faceprint" that is unique to you.

This is the same type of data that powers facial recognition technology used by law enforcement, airports, and tech companies. The reason this data is so sensitive is simple: unlike a password or even a Social Security number, your facial geometry cannot be changed. If your facial biometric data is hacked, breached, or misused, you cannot get a new face. You have no recourse. This is the core reason Illinois enacted BIPA in 2008 — to give residents control over their own biometric identifiers before they are collected, not after.

Who Qualifies for the Mercari Biometric Data Claims?

You may qualify if you meet all of the following criteria:

• You are a resident of Illinois (or were an Illinois resident when you used Mercari).
• You uploaded a photo of your government-issued ID and a selfie to verify your identity on Mercari.
• The identity verification occurred within the last five years (BIPA has a five-year statute of limitations).

This applies to both Mercari buyers and sellers. It includes anyone who went through the identity verification process on the Mercari app, whether it was to earn a verification badge, access higher-value transactions, use instant payments, or simply to comply with a mandatory verification prompt from Mercari.

You do not need to prove that your biometric data was actually misused. Under BIPA, the violation occurs at the point of collection without proper notice and consent — no proof of actual harm is required. The Illinois Supreme Court confirmed this in its 2019 Rosenbach v. Six Flags decision, ruling that individuals are "aggrieved" under BIPA simply because their rights were violated, regardless of whether they suffered any downstream injury.

What Is BIPA and Why Does It Only Apply to Illinois?

The Illinois Biometric Information Privacy Act (BIPA) was enacted in 2008. It is the strictest biometric privacy law in the United States and remains unique because it gives private citizens the right to sue companies directly for violations. No other state biometric privacy law currently offers this private right of action (Texas and Washington have biometric laws, but enforcement is limited to the state attorney general).

BIPA defines "biometric identifiers" as retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry. "Biometric information" means any information based on a biometric identifier that is used to identify an individual.

Under BIPA, before a private company can collect your biometric data, it must:

• Inform you in writing that biometric data is being collected or stored.
• Inform you in writing of the specific purpose and length of time the data will be collected, stored, and used.
• Obtain your written consent (which can now include electronic signatures following a 2024 amendment).
• Publish a publicly available written policy establishing a retention schedule and guidelines for permanently destroying the biometric data.

Companies that violate BIPA face statutory damages of $1,000 per negligent violation or $5,000 per intentional or reckless violation. They may also be liable for attorney fees and court costs. Following the 2024 amendment (SB 2979, signed August 2, 2024), damages are now calculated on a per-person basis rather than a per-scan basis for repeated collections involving the same person. This means that if Mercari scanned your face multiple times, it would count as a single violation rather than a separate violation for each scan.

What Is Mass Arbitration and How Is It Different from a Class Action?

This Mercari case is being pursued as a mass arbitration, not a class action. Understanding the difference matters because it affects what to expect and how the process works.

In a class action lawsuit, one or a few people sue on behalf of everyone in a defined group. The court certifies the class, and any settlement or judgment applies to all class members. In mass arbitration, each person files their own individual arbitration claim against the company. The claims are filed separately but simultaneously, often by the same group of attorneys, and they all raise the same legal issues.

Mass arbitration has become increasingly common in BIPA cases. Many companies, including Mercari, include mandatory arbitration clauses in their terms of service that prevent users from filing class action lawsuits. Mass arbitration works within those arbitration clauses — each person exercises their individual right to arbitrate, but the sheer number of claims filed at once creates pressure on the company to resolve the dispute.

Because this is mass arbitration and not a class action, there is no settlement fund, no claim form, and no court-approved payout process. Each claim is handled individually. Outcomes may vary.

How Much Could Illinois Mercari Users Receive?

Under BIPA, the statutory damages are:

• $1,000 per negligent violation
• $5,000 per intentional or reckless violation

For context, other BIPA cases have resulted in significant payouts and settlements. Some of the largest BIPA settlements in history include Facebook at $650 million, Google at $100 million, TikTok at $92 million, Snapchat at $35 million, and Clearview AI at $51.75 million. Individual payouts in those class action settlements ranged from about $27 per person (TikTok, national class) to roughly $397 per person (Facebook, Illinois class) depending on how many claims were filed.

Mass arbitration claims are different because they are individual, not pooled. There is no guarantee of any particular amount. However, because each arbitration claim is separate, individual recoveries in mass arbitration can potentially be higher than what class members receive in class action settlements where the total fund is divided among thousands or millions of people.

There is no settlement, no settlement amount, and no payout timeline in the Mercari case at this point. The investigation and arbitration process is ongoing.

Why Is Mercari Requiring Identity Verification?

Mercari has stated that identity verification is required to keep the marketplace safe. The company describes itself as a "regulated financial institution" that must comply with federal regulations including Know Your Customer (KYC) requirements and anti-money laundering laws. Mercari also says verification helps prevent fraud and protects buyers and sellers.

Users who refuse to verify their identity may be unable to complete purchases, list items for sale, message other users, or access certain features. Mercari has warned that accounts may be closed if identity verification is not completed. Many users have reported that the verification requirement was not optional — it was triggered by routine activities like making a purchase or trying to contact a seller, with no way to use the platform without completing the process.

The legal issue is not whether Mercari can verify identities. The issue is whether the facial geometry scanning that happens during the verification process was done in compliance with BIPA's strict notice and consent requirements. A company can verify your identity in many ways that do not involve capturing biometric data. The allegation here is that Mercari used facial recognition technology to scan biometric data and did not follow the steps that Illinois law requires before doing so.

What Is a Third-Party Identity Verification Vendor?

Mercari does not perform identity verification itself. Instead, it uses a third-party identity verification vendor to process the ID photos and selfies that users upload. The vendor's technology compares the selfie to the ID photo using facial recognition, which involves scanning and mapping the facial geometry of the user.

The identity verification vendor Jumio has faced its own BIPA lawsuits. Jumio agreed to pay $7 million in 2020 to settle a BIPA class action alleging it collected, stored, and sold consumers' biometric data without consent. Jumio has also been named in BIPA lawsuits related to identity verification it performed for other companies, including cases involving cryptocurrency exchanges and gig economy platforms.

Under BIPA, both the company that directs the collection of biometric data and the vendor that performs the actual scanning can be held liable. The fact that Mercari used a third-party vendor does not shield it from BIPA liability if it directed or benefited from the collection of biometric data without proper consent.

The 2024 BIPA Amendment: What Changed?

On August 2, 2024, Illinois Governor J.B. Pritzker signed Senate Bill 2979 into law, amending BIPA for the first time since its enactment in 2008. The two key changes were:

First, damages are now calculated on a per-person basis, not a per-scan basis. Before the amendment, every single time a company scanned your biometric data without consent counted as a separate violation with separate damages. The Illinois Supreme Court confirmed this in the 2023 Cothron v. White Castle decision, which led to potential liability in the billions of dollars for some companies. Under the amendment, repeated collections of the same biometric identifier from the same person using the same method now count as a single violation.

Second, companies can now obtain written consent through electronic signatures (such as checking a box or tapping "I agree") rather than requiring traditional handwritten signatures.

Even with the amendment, BIPA damages remain significant. A single violation still carries potential damages of $1,000 (negligent) to $5,000 (intentional or reckless) per person, plus attorney fees. For a company with hundreds of thousands of Illinois users, the total liability can still be substantial. The amendment also does not apply retroactively, so violations that occurred before August 2, 2024 may still be subject to the old per-scan damages calculation.

What Should I Do If I Verified My Identity on Mercari?

If you are an Illinois resident who uploaded a selfie and a government-issued ID to verify your identity on Mercari, here is what you should know:

• There is no claim form to fill out at this time. This is not a class action with a settlement fund.
• Individual arbitration claims are being filed on behalf of qualifying Illinois residents.
• You do not need to prove that your biometric data was actually misused or that you suffered any injury. Under BIPA, the collection without proper notice and consent is itself the violation.
• The statute of limitations under BIPA is five years, so the timing of when you completed verification matters.
• If you signed up for mass arbitration, your claim is being handled individually. Outcomes vary.

If you have not taken any action yet and want to learn more about your options, you may want to consult with an attorney who handles BIPA cases. Many attorneys take these cases on a contingency basis, meaning you do not pay anything upfront and the attorney only gets paid if you recover damages.

Other BIPA Cases to Know About

BIPA has led to some of the largest privacy settlements in U.S. history. Here are some notable examples that give context for the Mercari investigation:

Facebook (now Meta) settled for $650 million in 2021 after being accused of using facial recognition technology on user photos without consent. Over one million Illinois users received approximately $397 each.

Google settled for $100 million over allegations that Google Photos collected facial biometric data from Illinois users without consent.

TikTok settled for $92 million over claims of biometric data collection. Illinois residents received roughly five times more than non-Illinois class members because of BIPA's stronger protections.

Snapchat settled for $35 million over facial filter technology that allegedly collected facial geometry data without consent.

Clearview AI settled for $51.75 million over its massive facial recognition database built from scraped photos across the internet.

BNSF Railway was ordered to pay $228 million after a jury found it violated BIPA 45,600 times by scanning truck drivers' fingerprints without consent.

These cases demonstrate that BIPA violations carry real financial consequences for companies, and that Illinois residents have successfully recovered meaningful compensation for unauthorized collection of their biometric data.

Frequently Asked Questions

Is there a Mercari settlement I can claim right now?

No. There is no Mercari BIPA settlement at this time. The case is in the investigation and individual arbitration stage. There is no settlement fund, no claim form, and no guaranteed payout.

Can I still join the Mercari arbitration?

The availability to participate may depend on timing and whether attorneys are still accepting new claims. BIPA has a five-year statute of limitations, so if you completed identity verification on Mercari within the last five years, you may still have a viable claim.

Do I need to live in Illinois right now?

BIPA applies to Illinois residents. If you were an Illinois resident at the time you verified your identity on Mercari, you may still qualify even if you have since moved. However, this is a fact-specific legal question best answered by an attorney.

Will this cost me anything?

Most BIPA attorneys work on a contingency fee basis, meaning you pay nothing upfront. The attorney is only paid a percentage of any recovery.

What if Mercari says they got my consent?

BIPA requires specific written disclosures and written consent before biometric data is collected. A general terms of service agreement or privacy policy may not satisfy BIPA's requirements. The investigation alleges that Mercari did not provide the specific BIPA-required disclosures before collecting facial geometry data. Whether Mercari's consent process meets BIPA standards would be decided during the arbitration proceedings.

I only used Mercari once to verify. Do I still qualify?

Yes. Under BIPA, a single collection of biometric data without proper consent is a violation. You do not need to have verified your identity multiple times.

What about other states? Can non-Illinois residents file claims?

BIPA is an Illinois state law that only applies to Illinois residents. If you live in another state, BIPA does not protect you unless you were an Illinois resident when the data collection occurred. Other states like Texas, Washington, and Colorado have biometric privacy laws, but none currently provide a private right of action comparable to BIPA.

Legal Disclaimer

This page is for informational purposes only. OpenClassActions.com is not a law firm and does not provide legal advice. There is no settlement, no claim form, and no guaranteed payout at this time. This article describes an active investigation and ongoing arbitration claims. For legal advice, speak with an attorney licensed in your state who handles BIPA cases.

How Do I Find Class Action Settlements?

Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:

For more open class actions and investigations keep scrolling below.

Open Class Action Lawsuit and Class Action Settlement

Bayer RoundUp Bug Spray Lawsuits

Status: Open to Claims

Submit Claim

Video Game Addiction Lawsuit

Deadline: Pending

Submit Claim

DraftKings & FanDuel Addiction Lawsuits

Status: Open

Submit Claim

Children playing Roblox and using Discord?

Pre-Qualify Here

Submit Claim

$4.85M Bayer Antifungal Spray Settlement

Deadline: March 11, 2026

Submit Claim

Michael Kors Outlet Class Action Settlement

Deadline: March 6, 2026

Submit Claim

Belkin Power Bank Settlement

Deadline: March 30, 2026

Submit Claim

File a rebate form to get a coupon, refund, rebate, or payment from this class action settlement

$7.25 Billion RoundUp Bug Spray Settlement

Deadline: Pending

Learn More

Balance of Nature $9.95M Class Action

Deadline: March 11, 2026

Submit Claim

Mercari BIPA Investigation Summary
Status	Active Investigation — Individual Arbitration Claims Being Pursued
Legal Basis	Illinois Biometric Information Privacy Act (BIPA)
Case Type	Mass Arbitration (Not a Class Action)
Allegation	Collection of facial geometry biometric data during identity verification without BIPA-required notice and consent
Defendant	Mercari, Inc.
Who Qualifies	Illinois residents who uploaded a selfie and government ID to verify their identity on Mercari within the last 5 years
Potential Damages	$1,000 (negligent) to $5,000 (intentional/reckless) per violation under BIPA
Settlement Fund	None — no settlement has been reached
Claim Form	None available — this is individual arbitration, not a class action settlement
Statute of Limitations	5 years from the date of the BIPA violation