Ill. Lawmakers May Consider Privacy, Delete Act and BIPA Update Bills
Illinois legislators introduced a slew of privacy measures last week, including a comprehensive bill, Delete Act proposal and multiple updates to the state’s Biometric Information Privacy Act (BIPA).
Sign up for a free preview to unlock the rest of this article
Rep. Abdelnasser Rashid (D) on Thursday proposed HB-3041, making Illinois at least the 10th state this year to propose a broad data privacy bill. Twenty other states have comprehensive laws.
The Illinois bill would require data minimization. Covered entities “may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate,” said the bill’s synopsis.
Consumers would get rights to access their data and categories and names of third parties that received their data; correct and delete data; obtain a portable form of the data. “A covered entity may not transfer or direct the transfer of the covered data of an individual to a third party without obtaining the individual's affirmative express consent.” Opt-in consent would also be necessary for targeted advertising, a practice that would be banned completely for minors.
Covered entity means “means any entity or any person, other than an individual acting in a non-commercial context, that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data.” It doesn’t include governments or certain nonprofits.
The bill would include a private right of action. In addition, the attorney general, state’s attorney or a municipality’s attorney could bring civil actions under the bill. Also, HB-3041 would authorize an AG rulemaking. The law would take effect 180 days after it’s signed.
Among other Illinois bills introduced last week is a proposal to establish a data broker registry at the AG office. HB-2913 by Rep. Daniel Didech (D) would also require the AG to set up an accessible data deletion mechanism by 2027.
Sen. Graciela Guzman (D) introduced an immigration privacy bill (SB-1995). It would amend the state’s Personal Information Protection Act to require “that a data collector shall not own, maintain, license, store, or disclose records that contain immigration or citizenship status information concerning an Illinois resident.”
Multiple other bills seek to amend the Illinois BIPA, a 2008 law that has spurred many class-action lawsuits. Rep. Dan Ugaste (R) proposed adding a 30-day right to cure before an individual may sue. Ugaste’s HB-2838 seeks a variety of other changes, including to update BIPA’s definition of biometric identifier to carve out “information captured and converted to a mathematical representation.” Also, it would carve out collecting biometric information and identifiers for security purposes.
Meanwhile, HB-2984 by Rep. Anne Stava-Murray (D) would add neural data to BIPA’s definition of biometric identifier. Sen. Cristina Castro (D) proposed a clarification (SB-2051) that nothing in the law applies to vehicle safety technology.
Finally, Sen. Erica Harriss proposed a bill (SB-2082) requiring reasonable age verification to keep minors under 18 away from online material deemed harmful.