November 30, 2022

Volume XII, Number 334


November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis

Illinois Makes Moves on Geolocation Privacy

In April, US President Donald Trump signed a bill rejecting Obama-era regulations on the consent needed for a broadband internet access service (BIAS) provider to use and disclose a consumer’s sensitive information—including geolocation data. In the wake of such regulations being blocked, some state legislatures introduced geolocation privacy bills to address the use and disclosure of consumers’ geolocation information. The Illinois House and Senate recently passed one of those efforts to regulate such use of geolocation information.

As we previously discussed, the invalidated federal regulations would have required, among other things, a BIAS provider to obtain opt-in consent from a consumer before using or sharing information related to the consumer’s precise geolocation.

On June 27, 2017, the Illinois House and Senate passed the Geolocation Privacy Protection Act (the Act). Under the Act, an “entity may not collect, use, store, or disclose geolocation information from a location-based application on a person’s device,” unless the entity receives prior affirmative, express consent after adequate notice. Such notice must include

  • a statement that the person’s geolocation information will be collected, used, or disclosed;

  • the specific purpose of such collection, use, or disclosure; and

  • accessible means, such as a hyperlink, for the person to access such information.

After the initial consent, the private entity must re-obtain the person’s consent if such information in the notice materially changes. The Act provides certain exceptions to this notice requirement; for example, in order to allow a parent to locate an unemancipated minor child, for public safety, or for authentication. Under the Act, the definition of “geolocation information” means information that is

  • in whole or in part “generated by or derived from” the use of a mobile device such as a smart phone, tablet, or laptop, and

  • “sufficient to determine or infer the precise location of that device.”

“Geolocation information” expressly excludes the content of communications and internet protocol addresses. The Act’s notice requirements apply to geolocation information received from a “location-based application,” or “a software application that is downloaded or installed onto a mobile device and collects, uses, or stores geolocation information.”

After passing the Illinois House and Senate, the Act must next be signed by Governor Bruce Rauner to become law. If signed into law, the Act gives any Illinois state’s attorney or the Illinois attorney general the power to enforce these requirements. As such, if the Act is signed into law and applies to your business practices, it is important to determine whether your business practices comply with its requirements.

Copyright © 2022 by Morgan, Lewis & Bockius LLP. All Rights Reserved.National Law Review, Volume VII, Number 209

About this Author

Michael Pillion, Morgan Lewis, Litigation Attorney

Michael L. Pillion brings more than 30 years of experience navigating high-stakes transactions to his technology, outsourcing, and commercial transactions practice. He has a diverse client base that spans the health insurance, life sciences, energy, financial services, and real estate industries. He counsels clients in structuring, negotiating, realigning, and terminating information technology (IT) outsourcing and business process outsourcing (BPO) transactions, technology transactions including software as a service (SaaS) and cloud deals, complex commercial...

Jessica M. Pelliciotta, Morgan Lewis, technology lawyer

Jessica M. Pelliciotta is part of our outsourcing and strategic commercial transactions team of lawyers, handling critical commercial transactions that enable our clients to run their business operations effectively. The Morgan Lewis team focuses on technology transactions, including licensing, services, and alliance deals that involve emerging technologies such as cloud computing, software as a service (SaaS), and data analytics.