USA - Illinois The amendment defines “data brokers” any business “that knowingly collects and sells to third parties the personal information of a customer with whom the business does not have a direct relationship.” Notably, data brokers would not include organizations covered by the Fair Credit Reporting Act (“FCRA”) or the Gramm-Leach-Bliley Act (“GLBA”). If the amendment to PIPA is passed, data brokers will need to register with the Illinois Attorney General on an annual basis which also includes a registration fee that is to be determined by the Attorney General. Additionally, data brokers will need to provide the following information: The name of the data broker and its primary physical, email, and Internet website addresses; Whether the data broker collects the personal information of minors; Whether the data broker collects consumers’ precise geolocation; Whether the data broker collects consumers’ reproductive health care data; A link to a page on the data broker’s website that does not make use of any dark patterns; and Whether, and to what extent, the data broker or any of its subsidiaries is regulated by the FCRA or GLBA. Regulatory Authorities and consequences of non-compliance The provisions set forth in 815 ILCS §§ 530/1 through 530/25 are enforced by the Illinois Attorney General. Violations of the statute are https://www.mcdonaldhopkins.com/
Legislative Scope of the proposed Illinois Data Protection and Privacy Act (HB3385) The proposed Data Protection and Privacy Act (“DPPA”) applies to any entity that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data (“covered entity”). A covered entity does not include a federal, State, tribal, territorial, or local government entity, or an entity acting as a service provider to the aforementioned government entity. The definition also does not include nonprofits, national resource centers, or clearinghouses providing assistance to various vulnerable groups as defined further in the bill. considered unlawful practices under the Consumer Fraud and Deceptive Business Practices Act and as such are subject to all applicable penalties under the Act. To that end, covered entities that fail to comply with the statutory requirements are subject to both monetary and civil liability penalties. This includes: Injunction; The inability to conduct business within Illinois; Civil penalties up to $50,000; Additional penalties of $50,000 per violation; Additional penalties of $10,000 per violation for acts committed against a person 65 years or older.
Made with FlippingBook - PDF hosting