With the passage of the General Data Protection Regulation (GDPR), many government entities here in the US have joined the bandwagon in strengthening data protection laws concerning personal information. The city of Chicago is the latest municipality to actively take on the threat of data breaches.
Chicago’s Personal Data Collection and Protection Ordinance (“the Ordinance”) was recently introduced to its city council and is designed to equip consumers with control over their information, informed consent to its disclosure, awareness of its use, and redress for its misuse.
Data Collection & Disclosure
The purpose of the Ordinance is to regulate operators that collect sensitive customer personal information through the Internet about individual consumers in the City of Chicago.
Some of the major provisions of the Ordinance include:
- Obtain prior opt-in consent from Chicago residents to use, disclose or sell their personal information;
- Notify affected Chicago residents and the City of Chicago in the event of a data breach;
- Register with the City of Chicago if they qualify as “data brokers;”
- Provide specific notification to mobile device users for location services; and
- Obtain prior express consent to use geolocation data from mobile applications.