IL SB3220: CONSUMER DATA PRIVACY Verified

Disclaimer: This page provides general informational summaries only and does not constitute legal advice. AI-generated content may contain errors. Always consult a qualified attorney for guidance specific to your situation.
AI Summary

The Illinois Consumer Data Privacy Act grants consumers rights over their personal data, applying to certain businesses, with exemptions for some entities, enforced by the Attorney General.

Business Impact

If you process personal data of Illinois residents, you must implement consumer rights protocols by the effective date or face enforcement actions.

State: Illinois
Bill Number: SB3220
Status: Introduced
Risk Level: High
Category: Comprehensive
Last Action: May 22, 2026
Last Verified: Jun 3, 2026
Data Updated: Jun 3, 2026
Version: v4
What do these statuses mean?
Introduced — Filed in the legislature; not yet heard in committee
In Committee — Assigned to and being reviewed by a legislative committee
Passed — Approved by one or both chambers; awaiting further action
Signed / Enacted — Signed into law by the governor; may or may not be in effect yet
Dead / Vetoed — Vetoed, failed to pass, or session expired without action
Unknown — Status data not yet available or awaiting classification

Affected Industries

Technology, Consumer Protection

What This Means

The Illinois Consumer Data Privacy Act introduces significant consumer rights regarding personal data, impacting businesses that handle such data. It mandates transparency and control for consumers over their personal information, including rights to access, correct, delete data, and opt out of profiling. The bill applies to businesses operating in Illinois that control or process data of at least 100,000 consumers or 25,000 consumers with over 50% revenue from data sales, creating new compliance requirements. It also establishes the Consumer Privacy Fund administered by the Office of the Attorney General. Additionally, it amends the Freedom of Information Act to exempt data protection impact assessments from disclosure and makes a conforming change in the State Finance Act. The Attorney General has exclusive authority to enforce the consumer data privacy rights under the Act. While the official description mentions exemptions, the full bill text might specify which entities are exempt.

Key Provisions

Latest Legislative Action

Rule 3-9(a) / Re-referred to Assignments

Bill Sponsors

Name Role District
Sponsor SD-038

Compliance Checklist

Implement protocols for consumer data access and correction requests.
    Who: Businesses processing personal data of Illinois residents.
    Penalty: Enforcement actions by the Attorney General.

Establish procedures for data deletion requests.
    Who: Businesses processing personal data of Illinois residents.
    Penalty: Enforcement actions by the Attorney General.

Related & Companion Bills

Illinois SB 3220 — CONSUMER DATA PRIVACY
Illinois SB3548 — CONSUMER DATA PRIVACY ACT
Illinois HB5581 — ILLINOIS PRIVACY RIGHTS ACT
Illinois SB3890 — CONSUMER DATA PRIVACY

Full Legal Analysis

The Illinois Consumer Data Privacy Act establishes a framework for consumer rights concerning personal data processing. It requires businesses to confirm whether they are processing data, correct inaccuracies, delete data upon request, and provide copies of personal data. The bill applies to entities that control or process data of at least 100,000 consumers or 25,000 consumers and derive over 50% of gross revenue from the sale of personal data. While the official description mentions exemptions, the full bill text might specify which entities are exempt. Non-compliance can lead to enforcement actions by the Attorney General, who has exclusive authority under this Act. The Act also creates the Consumer Privacy Fund, administered by the Office of the Attorney General. Key definitions include 'controller', which refers to entities that determine the purposes and means of processing personal data, and 'processor', which refers to entities that process data on behalf of a controller. Furthermore, the Act amends the Freedom of Information Act to exempt data protection impact assessments from disclosure and makes a conforming change in the State Finance Act.
