summary
Introduced
02/06/2026
02/06/2026
In Committee
02/06/2026
02/06/2026
Crossed Over
Passed
Dead
Introduced Session
104th General Assembly
Bill Summary
Creates the Illinois Data Privacy Protection Act. Applies to legal entities that conduct business in Illinois or produce products or services that are targeted to Illinois residents and that satisfy one or more of the following thresholds: during a calendar year, controls or processes personal data of 100,000 consumers or more, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or derives over 25% of gross revenue from the sale of personal data and processes or controls personal data of 25,000 consumers or more. Requires a controller, alone or jointly with others, to consider the purposes and means of the processing of personal data in protecting the security of consumers while processing personal data and in notifying consumers of a breach of the security of the system. Authorizes rights to consumers under the Act to include, but not be limited to, the right to access their personal data, obtain a list of third parties to whom their data has been disclosed, request corrections to inaccurate data, and question the profiling of their information. Authorizes the Attorney General to enforce the Act. Amends the Personal Information Protection Act. Provides that, annually, on or before January 31, a data broker operating in the State must register with the Attorney General. Provides that the Attorney General shall create a page on its Internet website in which the registration information is accessible to the public that allows consumers to delete their personal information across all registered data brokers. Provides for civil penalties. Amends the State Finance Act to create the Data Privacy Protection Fund. Makes definitions. Makes other changes. Limits the concurrent exercise of home rule powers. Contains a severability provision.
AI Summary
This bill, titled the Illinois Data Privacy Protection Act, establishes new rules for how businesses handle the personal data of Illinois residents, aiming to give consumers more control over their information. It applies to companies that do business in Illinois or target Illinois residents and meet certain thresholds, such as processing the personal data of 100,000 or more consumers annually or deriving a significant portion of their revenue from selling personal data. The Act grants consumers rights including the ability to access, correct, and delete their personal data, as well as to opt out of its sale or use for targeted advertising and profiling. It also requires companies to be transparent about their data collection practices and to implement reasonable security measures. The bill further mandates that data brokers, defined as businesses that collect and sell personal information without a direct relationship with the consumer, must register annually with the Attorney General, who will maintain a public website with this information and a mechanism for consumers to request the deletion of their data across all registered brokers. The Attorney General is empowered to enforce the Act, with violations potentially leading to civil penalties, and a new Data Privacy Protection Fund is created to support these enforcement efforts. The bill also includes provisions for data privacy and protection assessments for certain processing activities and limits the ability of local governments to regulate consumer data privacy.
Sponsors (1)
Last Action
Referred to Assignments (on 02/06/2026)
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
Loading...