Illinois Passes Law Protecting Household Device Data

Last week, the Protecting Household Privacy Act (PHPA) became law with Governor JB Pritzker’s signature. The law, which takes effect Jan 1, 2022, stops law enforcement officials from acquiring household electronic data from third-parties without a warrant or consent.

The type of data protected by the new law includes any electronic communication–provided by a human–that’s intended for use within a household. The language of the law doesn’t specify what exactly that means, but goes into great detail about the type of electronic data that’s not protected. Data that is fair game for law enforcement includes, includes, personal computers, cell phones, smartphones, tablets, modems, routers, wireless access points, and cable set-top boxes serviced by cable providers.

Voice data provided to smart speakers is not specifically excluded from the law, and is presumably protected by PHPA. This likely means that Amazon, for example, would be unable to provide data collected by its smart Alexa speaker to law enforcement without a warrant–or consent from the device/data owner.

PHPA is not the first law to protect voice data legal precedent in Illinois. The Illinois Biometric Information Privacy Act (BIPA), which was first passed in 2008, protects a range of biometric data, including fingerprints, retina or iris scan, facial geometry, and voice recordings. PHPA bears additional similarities to BIPA, which states that private entities may not collect biometric data without informed written consent. That said, BIPA is more focused on the private sector than law enforcement, as it also bans the sale or leasing of biometric data, and allows data owners a private right of action.