On August 27, 2021, Illinois Governor J.B. Pritzker signed into law the Protecting Household Privacy Act (“PHPA”).  The law governs how, and under what conditions, Illinois law enforcement agencies may acquire and use data from household electronic devices, commonly referred to as “smart devices” or the “internet of things.”  The PHPA will go into effect on January 1, 2022.

The PHPA applies to “household electronic data,” which the statute defines as any information or input provided by a person to any device “primarily intended for use within a household that is capable of facilitating any electronic communication,” excluding personal computing devices (such as personal computers, cell phones, smartphones, or tablets) and digital gateway devices (such as modems, routers, wireless access points, or cable set-top boxes serviced by a cable provider).  Section 5.  The law imposes several limits on Illinois law enforcement’s acquisition and use of household electronic data:

  1. Warrant Requirement: The law generally prohibits law enforcement agencies from obtaining household electronic data “or direct[ing] the acquisition of household electronic data from a private third party.”  Section 10.  This prohibition is subject to a set of exceptions, permitting such acquisition if (i) “a law enforcement agency first obtains a warrant;” (ii) the data is needed to “respond to a call for emergency services concerning the user or possessor of a household electronic device;” (iii) there is “an emergency situation;” or (iv) the data is acquired “with [the] lawful consent of the owner of the household electronic device or person in actual or constructive possession of the household electronic device.”  Section 15.  Notably, the PHPA itself does not impose any obligations on providers, as it states that the Act “shall not be construed to require a person or entity to provide household electronic data to a law enforcement agency.”  Section 35.  At the same time, compliance would be compulsory to the extent the provider is served with a warrant in accordance with the statute.
  2. Confidentiality Requirement: The law also requires that any entity disclosing household electronic data “take reasonable measures to ensure the confidentiality, integrity, and security of any household electronic data during transmission to any law enforcement agency, and to limit any production of household electronic data to information responsive to the law enforcement agency request.”  Section 40.
  3. Limited Data Retention: Finally, the PHPA limits how long law enforcement can retain household electronic data without filing criminal charges if the data was obtained pursuant to a warrant or in an emergency situation.  Section 20.  The Act requires that such data be destroyed within 60 days unless (1) “there is reasonable suspicion that the information contains evidence of criminal activity;” or (2) “the information is relevant to an ongoing investigation.”
Print:
EmailTweetLikeLinkedIn
Megan Crowley

Megan Crowley is a litigator who represents clients in high-stakes matters, from case inception through trial and appeal. Her practice focuses on complex commercial disputes and litigation under the Administrative Procedure Act. Megan currently represents several leading technology companies in cutting-edge litigation relating…

Megan Crowley is a litigator who represents clients in high-stakes matters, from case inception through trial and appeal. Her practice focuses on complex commercial disputes and litigation under the Administrative Procedure Act. Megan currently represents several leading technology companies in cutting-edge litigation relating to cybersecurity and data privacy.

Megan rejoined Covington from the U.S. Department of Justice, where she defended executive branch agencies in some of their most high-profile cases. Drawing upon this experience, she has secured a number of landmark victories against the federal government in recent years. Megan was a key member of the Covington team that represented TikTok in its successful challenge to the Trump Administration’s efforts to ban the app, and its defense of the district court’s injunction on appeal. She also represented Xiaomi Corporation in its successful challenge to the Department of Defense designation that would have banned the company from U.S. financial markets, securing a preliminary injunction and, ultimately, a rescission of the ban.

Photo of Chloe Goodwin Chloe Goodwin

Chloe Goodwin is a litigator and regulatory attorney focused on privacy and technology issues. She represents several leading technology companies in litigation and compliance matters relating to electronic surveillance, law enforcement access to digital evidence, cybersecurity, and data privacy.