The Illinois Data Protection and Privacy Act (HB3385) – introduced by state Rep. Abdelnasser Rashid in the 2023 House session – seeks to reform corporate data practices and give consumers much needed privacy protections.
Many states are currently considering new privacy regulations. Modeled off the bipartisan American Data Protection and Privacy Act introduced in Congress last year, the Illinois Data Protection and Privacy Act is one of the strongest pieces of privacy legislation nationally, seeking to put meaningful controls in place to regulate the data industry.
The data industry’s widespread harvesting of personal information including demographics, past purchases and browsing and search histories has drawn more attention in recent years. Data brokers and marketers gather, sell and share this information rapidly, often without consumers’ knowledge.
The bill would legally limit companies to only collecting information they need to deliver the service a consumer is expecting to get, and then only use the data for that purpose – a principle called data minimization. This approach to privacy is the strongest and most comprehensive for protecting people’s data.
If passed, the bill would provide even greater privacy protections to Illinois residents, joining the Biometric Information Privacy Act as one of the strongest in the nation.
The bill is stronger than its federal counterpart in one key way: it doesn’t preempt the states’ rights to pass stronger bills. States are able to pass new legislation much more quickly than Congress, and when it comes to regulating technology, states are better positioned to stay on top of fast-moving industry changes.
PIRG endorses the Illinois Data Protection and Privacy Act, and is committed to helping it pass.