* Press release…
This afternoon Governor Rauner vetoted House Bill 3449, the Geolocation Privacy Protection Act. The legislation requires apps and services clearly and conspicuously inform you and receive your consent before collecting your geolocation information. The legislation was supported by Digital Privacy Alliance, American Civil Liberties Union of Illinois, Center for Democracy & Technology, Illinois PIRG, Chicago Alliance Against Sexual Exploitation, Promoting Awareness | Victim Empowerment, Cook County Sheriff’s Office, DataMade, SpiderOak, Social Change, Consumer Watchdog, and Privacy Rights Clearinghouse.
In response to Govern Rauner’s action, Illinois PIRG Director Abe Scarr made the following statement:
The Equifax breach has brought much needed attention to what can go wrong when vast amounts of private personal information is collected, stored and shared and sold in the big-data economy.
Signing HB3449 into law would have been a clear demonstration that Illinois is a leader in the technology industry and is forward thinking. Unfortunately, the Governor chose big business over protecting of Illinois citizens.
Many consumers understand some apps, especially when location-based like ride-sharing or maps, collect location data about them, but would be surprised to know that some collect it constantly or that the location information is then shared or sold. Very few know that more apps, including children’s game apps, also collect geolocation information.
Consumers deserve clear and conspicous iniformation about when and how their location may be tracked and the opportunity to provide informed consent or to opt out.
* There is no veto message online as I write this and no press release from the governor, but this is from a Public Radio story…
But some in the state’s business community see this as an added burden. They say it would divert focus from the actual protection of consumer data.
“And that’s where the money and the focus and the time should be going,” says Tanya Trishe, vice president and general counsel for the Illinois Retail Merchants Association. She explains companies need to “ensure that they’re spending all of their really valuable resources ensuring that the private information of consumers that they have is not being attacked.” […]
Trishe–from the Illinois Retail Merchants Association–says talks with the governor’s office have been positive and they remain hopeful he will veto the measure.
* From the Chicagoland Chamber…
“The Chicagoland Chamber applauds the Governor for vetoing HB 3449 and for subsequently protecting the jobs of Illinoisans across the technology, retail and small business communities of our state. Protecting consumer privacy is important, but not when that legislation is designed to open up businesses of all sizes to litigation. This bill would have directly contradicted the FTC’s call for short, in-context disclosures, which are more effective and easier for consumers to understand. We hope to continue dialogue around this topic in the future in order to achieve protections in a real and meaningful manner, and not to enrich trial attorneys,” said Michael Reever, acting president & CEO, Chicagoland Chamber of Commerce.
“This geolocation bill would have diverted resources and focus away from the actual protection of consumer data. Today’s business owners are on the front-lines of international cyber-warfare and are working tirelessly to ensure that their customer’s important private information is appropriately protected. Anyone who utilizes data needs cooperation, not additional requirements, that diverts focus and resources from the core mission. We applaud Governor Rauner for recognizing where the focus, and the resources, should be.”
* IL Chamber…
The Illinois Chamber of Commerce supports Gov. Bruce Rauner’s veto of HB 3449, the Geolocation Privacy Protection Act, which would have placed significant burden on businesses and consumers throughout Illinois.
HB 3449 would have stifled innovation in Illinois’ tech industry, burdened app users, and given Illinois a bad reputation in comparison to other states for enacting more regulations on job creators.
“It comes down to what message we want to send our innovators looking to invest in Illinois. With the governor’s veto, the message is clear Illinois is pro-business and welcomes companies of all sizes to invest here. The governor vetoing this bill is positive news for Illinois’ emerging tech industry and developing economy,” Illinois Chamber of Commerce President and CEO Todd Maisch said.
Illinois tech startups and businesses would have been substantially burdened by the bill’s complicated requirements. HB 3449 would have duplicated existing requirements already in place by the Federal Trade Commission, put businesses of all sizes at risk of frivolous lawsuits, and made the app experience for consumers less user friendly.
“There’s a misconception that this bill came from consumers looking for more privacy protection. In reality, special interest groups who would directly benefit from the bill’s increased compliance burden were the ones pushing for its enactment. Engineering liability that targets job creators does not put Illinois on a path to prosperity,” Illinois Chamber of Commerce Director of Legislative Relations Tyler Diers said.
Startups and small businesses play a huge part in Illinois’ economy and would have been directly affected by this legislation.
“This bill places an undue burden on many startups and small businesses, which will greatly affect their ability to operate in the state of Illinois,” Maisch said. “Killing this legislation is one step in the fight to protect our job creators from bad policies.”
* IL Data Security Alliance…
“Vetoing this legislation is a step in the right direction for the tech industry, as well as businesses of all sizes throughout the entire state,” said Todd Maisch, President and CEO of the Illinois Chamber of Commerce. “At the Illinois Chamber, we want to find ways to encourage development in the tech industry, and we feel today’s action by the Governor does just that. Without this veto, some of Illinois’ fastest growing businesses would be forced into complying with unnecessary and redundant hurdles that could have unfortunate consequences on our state’s economy. For these reasons, we fully support the Governor’s decision to veto House Bill 3449.”
House Bill 3449 was brought about as a disclosure law on the use of geolocation information. However, online companies are already subject to robust privacy oversight by the U.S. Federal Trade Commission, who has actively enforced privacy and data security protections for over two decades.
While ensuring the online privacy of Illinois consumers is of the utmost importance, the language in the proposed legislation did not provide additional protections in any way. For this reason, no state has enacted a law similar to HB 3449.
…Adding More… Here’s the veto message…
Veto Message for HB 3449
To the Honorable Members of
The Illinois House of Representatives,
100th General Assembly:
Today I veto House Bill 3449 from the 100th General Assembly, which would add an unnecessary and byzantine layer of state regulation to the use of most electronic devices by mandating additional prohibitions and penalties.
Protection of consumer privacy is an important goal that I fully support, but this legislation only serves to make things unnecessarily complicated where federal privacy regulations are the proper format for uniform and consistent consumer protections across the country.
The Federal Trade Commission (FTC) already has the broad powers granted to it in Federal Statute 15 U.S.C. §§46 (a) to protect various aspects of consumer privacy in a uniform manner across the United States, and the commerce clause in the Constitution assigns the power to regulate interstate commerce to the U.S. Congress. If further privacy legislation is required, it should be enacted by the U.S. House and U.S. Senate. In addition to federal legal protections, consumers already have full control of geolocation data capture in their device settings through most operating systems, or by limiting access within specific applications they choose to utilize on their devices. Consumers also have the freedom to demand software products with more protective terms and End User License Agreements.
To the degree that there is company abuse of these laws and policies, such as tracking people without their consent or hiding collection and disclosure practices, the solution is not yet another layer of state government rules and bureaucracy, but instead the enforcement by the Federal Trade Commission of existing laws or enforcement of existing policies by creators and distributors of digital applications.
This bill would result in job loss across the state without materially improving privacy protections for Illinoisans or making devices and their apps safer for children. The addition of this policy to Illinois’ existing burden of red tape will hurt Illinois’ growing reputation as a destination for innovation-based job creation.
Therefore, pursuant to Section 9(b) of Article IV of the Illinois Constitution of 1970, I hereby return House Bill 3449 entitled “AN ACT concerning business”, with the foregoing objections, vetoed in its entirety.
* And from the Digital Privacy Alliance…
The private online information of Illinoisans took a major hit today after Illinois Governor Bruce Rauner rejected House Bill 3449, the Geolocation Privacy Protection Act. Had it been signed into law, this historic piece of legislation would have provided transparency by requiring corporations that collect, use or sell Illinoisans’ geolocation information from their mobile devices to obtain their consent before tracking them.
Instead, the Governor’s veto is a betrayal of consumer trust and total failure to people who value their personal privacy. The Governor’s action is a clear message that he values his Silicon Valley friends more than the people and small businesses in Illinois. Moreover, the Governor’s veto is a direct contradiction to his public commitment to protect Illinois citizens’ online safety, exemplified by his recently touted $1 billion dollar cybersecurity initiative.
“You can throw all the money in the world at a problem, but we can’t actually protect ourselves if we aren’t aware that our geolocation information is being collected, used, and sold in the first place. By vetoing this legislation Governor Rauner signals to all Illinoisans that their privacy rights aren’t as important as big business profits,” said Digital Privacy Alliance Board of Director Peter Hanna.
House Bill 3449 is a common sense consumer protection measure that simply requires a person or corporation to get consent before tracking someone through his or her mobile device. Current law does not require a corporation to be transparent about when and why they are tracking you and your personal data, which has led to the erosion of consumer trust in technology. Such corporate disregard for consumers’ privacy was recently highlighted by a report exposing the mobile app AccuWeather for continuing to collect and share location information even though a user previously denied the apps request for access to that information.
The industry’s lack of transparency is a public safety concern of the highest order. Just this past July, the FBI warned parents that the collection of personal information from connected devices posed privacy and physical safety threats to children. A national study conducted by the National Network to End Domestic Violence found that 72 percent of victim services programs across the country had seen victims who were tracked through a stalking app installed on a mobile phone or a stand-alone GPS device, and the Washington Post revealed that half of the 2,500 children’s apps it tested failed to protect their data.
The dozens of tech startups, enterprise software companies, and web development shops around the state that have stepped up in support of the Geolocation Privacy Protection Act believe it is necessary for the protection of citizens’ privacy rights and critical for ensuring consumer trust in their industry.
“Consumer trust is eroding in today’s digitally dominated world. As an industry, if we don’t start building up that trust, we will lose customers willing to use our services or download our apps. Illinois could be at the forefront of this movement and this act is a good move to start regaining that trust,” said Derek Eder, partner at DataMade, co-founder of Open City, and leader of Chi Hack Night.
The diverse advocacy groups that have rallied behind the bill include the Digital Privacy Alliance, American Civil Liberties Union of Illinois, Center for Democracy & Technology, Illinois PIRG, Chicago Alliance Against Sexual Exploitation, Promoting Awareness | Victim Empowerment, Cook County Sheriff’s Office, Social Change, Consumer Watchdog, and Privacy Rights Clearinghouse.
“Signing this bill into law would have been a clear demonstration that Illinois is a progressive leader in the technology industry and is forward thinking. Unfortunately, the Governor chose big business over the protection of Illinois citizens,” said Director of Illinois PIRG Abe Scarr.
The Digital Privacy Alliance and its partners appreciate the leadership of Representative Ann Williams and Senator Tom Cullerton for putting this bill forward as we work to override the Governor’s veto.