HomeBrowse Bills

Industries

HealthcareHR & HiringFinancial ServicesEducationGovernmentAgribusiness

Guides

Indiana AI LawsAI Hiring LawsCompliance ChecklistIllinois AI Act

Compliance

Framework GuideSOC 2ISO 27001ISO 42001NIST AI RMFCompare FrameworksCost ComparisonVendor VettingLawmakersData CentersGovernanceAbout
Risk Check
ILIn Committee

SB 52

PRIVACY RIGHTS ACT

High Risk

Creates new compliance requirements or restricts common AI uses. Action needed.

TL;DR

Illinois SB 52, the Privacy Rights Act, would create a comprehensive consumer data privacy framework similar to California's CCPA, giving Illinois residents rights to access, delete, and opt out of the sale of their personal data. It also includes specific provisions on automated decision-making and profiling, meaning AI systems that make consequential decisions about consumers would face new transparency and opt-out requirements. The bill is currently stalled in Senate committee after an amendment.

Read the Full Bill Text

How This Might Impact Your Business

Companies doing business in Illinois that process personal data of 100,000+ consumers (or 25,000+ if they derive 50%+ revenue from selling data) would face GDPR-style compliance obligations.

AI and automated decision-making systems used for hiring, lending, insurance, housing, or healthcare decisions would need to offer consumers the right to opt out of profiling that produces legal or similarly significant effects.

Businesses would need to conduct and document data protection assessments before deploying high-risk AI processing, including profiling and targeted advertising use cases.

Consumer-facing companies would need to update privacy notices, build opt-out mechanisms (including honoring universal opt-out signals), and respond to access/deletion requests within 45 days.

Industries most exposed include AdTech, HR Tech, FinTech lenders, insurance carriers, retail/e-commerce, and health tech, especially those using personalization or scoring algorithms.

Enforcement would sit with the Illinois Attorney General, with civil penalties per violation; a private right of action may apply depending on the final amendment language.

Bill is currently in committee with Amendment No. 1 pending, so terms could shift before any floor vote.

What Should You Do

1

Have your privacy and legal teams map where personal data on Illinois residents flows, including any AI vendors performing profiling or automated decisions.

2

Inventory all automated decision-making tools (hiring, credit, pricing, insurance underwriting) and confirm whether you can produce explanations and honor opt-outs.

3

Draft or update data protection assessment templates now; California, Colorado, and Virginia already require similar documentation, so this is reusable work.

4

Assign someone to track SB 52 through Illinois Senate Assignments and flag any movement out of committee or substantive amendment changes.

5

Confirm your consent management platform can honor universal opt-out signals (like Global Privacy Control) ahead of likely effective date.

Who It Affects

HealthcareHR & HiringFinancial ServicesAgribusiness
AdTechHR TechFinancial ServicesInsuranceRetail and E-commerceHealthcare AI

Status Timeline

committee

Senate Committee Amendment No. 1 Rule 3-9(a) / Re-referred to Assignments

April 11, 2025

AI-generated analysis for informational purposes only. Not legal advice. Always consult a qualified attorney for legal guidance.

Need help preparing your team for AI compliance?

Talk to LaunchReady about AI Training

Get the Weekly AI Law Roundup

Plain-English summaries of the AI laws that matter for your business. Every Monday. Free.

No spam. Unsubscribe anytime.