103RD GENERAL ASSEMBLY
State of Illinois
2023 and 2024
Introduced 2/17/2023, by Rep. Anna Moeller
SYNOPSIS AS INTRODUCED:
Creates the Children's Privacy Protection and Parental Empowerment
Act. Provides that a business that provides an online service, product, or
feature likely to be accessed by children shall take specified actions,
including completing a Data Protection Impact Assessment for any online
service, product, or feature likely to be accessed by children. Provides
that a business shall complete a Data Protection Impact Assessment on or
before July 1, 2024, for any online service, product, or feature likely to
be accessed by children offered to the public before July 1, 2024. Provides
that any business that violates the Act shall be subject to an injunction
and liable for a civil penalty of not more than $2,500 per affected child
for each negligent violation or not more than $7,500 per affected child for
each intentional violation. Creates the Children's Data Protection Working
Group to deliver a report to the General Assembly regarding best practices
for the implementation of the Act. Effective immediately.
A BILL FOR
|HB3880||LRB103 29834 SPS 56242 b|
AN ACT concerning business.
Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
This Act may be cited as the
Children's Privacy Protection and Parental Empowerment Act.
As used in this Act:
"Child" or "children", unless otherwise specified, means a
consumer or consumers who are under 18 years of age.
"Data Protection Impact Assessment" means a systematic
survey to assess and mitigate risks that arise from the data
management practices of the business to children who are
reasonably likely to access the online service, product, or
feature at issue that arises from the provision of that online
service, product, or feature.
"Default" means a preselected option adopted by the
business for the online service, product, or feature.
"Likely to be accessed by children" means it is reasonable
to expect, based on the following indicators, that the online
service, product, or feature would be accessed by children:
(1) the online service, product, or feature is
directed to children as defined by the Children's Online
Privacy Protection Act (15 U.S.C. 6501 et seq.);
(2) the online service, product, or feature is