Data Protection in Chicago: A Shift in Perspective?
Wikipedia defines privacy as “the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes.” Said simply, privacy means different things to different people.
Privacy in the U.S. vs the EU
In the U.S., privacy, while important to many, is not safeguarded by the Constitution. It is only implicitly granted under the 4th Amendment. In contrast, the European Union has Article 8 of the European Convention on Human Rights, which specifically guarantees the right to respect for private and family life, one's home, and correspondence. The General Data Protection Regulation (GDPR) is an extension of the strict privacy expectations held by most Europeans.
Data Privacy Perspectives Shifting in the U.S.
With data breaches occurring almost daily, it is becoming increasingly common for Americans to face theft of their personal information, which is then often sold on the black market. As a result, views are shifting on the importance of legally protecting privacy. As perspectives change, lawmakers are starting to look to their European counterparts for guidance on this issue. The GDPR has inspired some recent data protection ordinances throughout the U.S., most recently in the city of Chicago. In June, the Personal Data Collection and Protection Ordinance (“the Ordinance”) was introduced to the Chicago City Council.
Chicago Ordinance would Tighten Data Privacy Controls
This strict Ordinance would require businesses who hold data of Chicago residents to do the following:
- Obtain prior opt-in consent from Chicago residents to use, disclose, or sell their personal information, and upon request, disclose to the individual any personal information they maintain about the individual.
- Notify affected Chicago residents and the City of Chicago in the event of a data breach, and notify the City of Chicago regarding the timing, content, and distribution of the notices to individuals and number of affected individuals.
- Register with the City of Chicago if they qualify as “data brokers” which is defined as commercial entities that collect, assemble, and possess personal information about Chicago residents who are not their customers or employees to trade the information.
- Provide specific notifications to mobile device users for location services.
- Obtain prior express consent to use geolocation data from mobile applications. This requirement is subject to various exceptions, such as in certain instances that allow a parent or guardian to locate their minor child.
Depending on the requirement, the Ordinance allows for a private right of action and specifies fines to address violations. If these laws look familiar, that is because they echo many GDPR regulations.
While Chicago is only one city in the U.S., it may signal a more widespread shift. Many Americans have always believed in the right to privacy, but now many want stricter laws to protect it. All 50 states now have some form of data privacy protection, with Colorado recently passing the toughest data protection standards, some of which mirror the GDPR.
The Constitution may not speak specifically to the right to privacy, but constituents are looking for their local and state governments to enact specific legislation to protect this invaluable right. Therefore, this shift in perspective may lead the US closer to European-type privacy laws.