Illinois Law Protects Personal Data
by Jayson Hawkins
A new Illinois statute is the first in the nation to require police to have a search warrant or the owner’s permission before accessing their data on a personal device. The Protecting Household Privacy Act, which went into effect on January 1, 2022, is intended to establish guidelines for when or if tech companies can surrender personal data to law enforcement.
Prior to the Illinois law, states have been relying on decades-old U.S. Supreme Court decisions as precedent for online privacy. The 1976 ruling in United States v. Miller, 425 U.S. 435 (1976), regarding bank records, and the Court’s 1979 opinion in Smith v. Maryland, 442 U.S. 735 (1979), about phone calls, established the Court’s third-party doctrine, which says individuals have no reasonable expectation of privacy over information they voluntarily share with third parties.
The American Civil Liberties Union of Illinois advocated for the new law on the basis that technology has changed how we live. “Now third parties are deeply embedded into almost every aspect of our lives,” said Peter Hanna, legal adviser for the ACLU of Illinois.
There is a difference, Hanna argued, between information shared in a public space and data collected from inside the sanctity of one’s home. With various “smart” devices and security cameras becoming commonplace in households, consumers need to be shielded from the makers of such devices collecting the most intimate details of their lives and turning that data over to law enforcement or other entities.
A 1986 statute, the Stored Communications Act, was meant to maintain the privacy of information held by service providers, but the way devices function places them beyond the reach of the federal law. Illinois’ new law broadly defines household devices in hopes of covering current and future technology, the state’s ACLU said. It also includes devices in the “immediately surrounding area” such as Amazon’s Ring doorbell and other connected security systems.
To address consumer privacy concerns, Amazon has maintained a policy of not surrendering user data to law enforcement without a search warrant or subpoena. “Amazon objects to overbroad or otherwise inappropriate demands as a matter of course,” said a company spokesperson.
Critics of the Protecting Household Privacy Act point out that it includes only connected devices. By not explicitly covering computing devices such as phones, tablets, modems, or routers, the state law may “complicate compliance efforts” for tech companies, said Washington, D.C. attorney Chloe Goodwin, who represents companies facing such issues. “The Illinois requirements don’t map neatly onto the Stored Communications Act framework,” she said.
The lag between new technology and laws regulating it has created legal gray areas governed only by company policies. Odia Kagan, a Philadelphia lawyer specializing in data security regulations, has advocated that device makers should be more upfront with users about when and what kind of data are being gathered.
“Transparency with these devices is an issue,” said Kagan. “Do you know what you’re consenting to?” As state and federal laws concerning technology continue to evolve, ultimately, the burden remains on consumers to read the fine print before clicking “agree” and surrendering their privacy.
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login