Bill Summary – FastDemocracy

Amends the Probate Act of 1975. Makes a technical change in a Section concerning the short title.
Senate Floor Amendment No. 1: Replaces everything after the enacting clause. Creates the Illinois Consumer Data Privacy Act. Specifies that the Act applies to legal entities that conduct business in Illinois or produce products or services that are targeted to Illinois residents and that either (i) collect or process, during a calendar year, personal data of 100,000 or more consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction, or (ii) derive more than 25% of their gross revenues from the sale of personal data and process or collect personal data of 25,000 or more consumers. Describes classes of persons that are exempt from the Act. Outlines the responsibilities of data controllers and data processors. Codifies various consumer personal data rights, including, but not limited to, (i) the right to confirm whether or not a controller is processing personal data concerning the consumer and to access the personal data the controller is processing, (ii) the right to correct inaccurate personal data concerning the consumer, (iii) the right to delete personal data concerning the consumer, (iv) the right to opt out of the processing of personal data concerning the consumer for specified purposes, or (v) the right, under some circumstances, to question the result of profiling. Requires a controller to allow a consumer to opt out of any processing of the consumer's personal data for enumerated purposes. Contains provisions concerning the processing of deidentified data or pseudonymous data, responsibilities of controllers, requirements for small businesses, data privacy policies, data privacy and protection assessments, enforcement of the Act by the Attorney General and State's attorneys, and other matters. Limits the concurrent exercise of home rule powers. Amends the Consumer Fraud and Deceptive Business Practices Act. Specifies that a violation of the Act constitutes an unlawful practice under the Act. Amends the Freedom of Information Act to exempt from disclosure data privacy and protection assessments made available to the Attorney General and State's Attorneys under the Act. Makes other changes. Effective January 1, 2027.
Senate Floor Amendment No. 2: Replaces everything after the enacting clause. Creates the Illinois Consumer Data Privacy Act. Specifies that the Act applies to legal entities that conduct business in Illinois or produce products or services that are targeted to Illinois residents and that either (i) collect or process, during a calendar year, personal data of 100,000 or more consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction, or (ii) derive more than 25% of their gross revenues from the sale of personal data and process or collect personal data of 25,000 or more consumers. Describes classes of persons that are exempt from the Act. Outlines the responsibilities of data controllers and data processors. Sets forth various consumer personal data rights, including, but not limited to (i) the right to confirm whether or not a controller is processing personal data concerning the consumer and to access the personal data the controller is processing, (ii) the right to correct inaccurate personal data concerning the consumer, (iii) the right to delete personal data concerning the consumer, (iv) the right to opt out of the processing of personal data concerning the consumer for specified purposes, or (v) the right, under certain circumstances, to question the result of profiling. Requires a controller to allow a consumer to opt out of any processing of the consumer's personal data for enumerated purposes. Contains provisions concerning the processing of deidentified data or pseudonymous data, responsibilities of controllers, requirements for small businesses, data privacy policies, data privacy and protection assessments, enforcement of the Act by the Attorney General and State's attorneys, and other matters. Limits the concurrent exercise of home rule powers. Amends the Consumer Fraud and Deceptive Business Practices Act. Specifies that a violation of the Act constitutes an unlawful practice under the Act. Amends the Freedom of Information Act to exempt from disclosure data privacy and protection assessments made available to the Attorney General and State's Attorneys under the Act. Makes other changes. Effective January 1, 2027.
Senate Floor Amendment No. 3: Provides that notwithstanding any other provision of this Act, if a processor processes data under a binding contract that sets forth the processing instructions and limits the actions the processor may take with respect to the data it processes on behalf of the controller, the processor is not liable for the controller's actions that led to a violation of this Act.
Senate Floor Amendment No. 4: Excludes a nonprofit organization that is established to detect and prevent fraudulent acts in connection with insurance from the Act. In provisions amending the Consumer Fraud and Deceptive Business Practices Act, excludes private rights of action to enforce violations of the Illinois Consumer Data Privacy Act.
Statutes affected: 
Introduced: 755 ILCS 5/1
Engrossed: 5 ILCS 140/7, 815 ILCS 505/2