Enforceability of State Data Privacy Laws Against Out-of-State Companies
This opinion from the Illinois Attorney General examines the enforceability of the Illinois Biometric Information Privacy Act (BIPA) and the Illinois Personal Information Protection Act against companies that collect data from Illinois residents but are headquartered in other states. It analyzes personal jurisdiction, the dormant Commerce Clause, and interstate commerce considerations.
The opinion discusses the minimum contacts required for the exercise of specific personal jurisdiction over out-of-state companies that process Illinois residents' data. It examines whether BIPA's private right of action creates an undue burden on interstate commerce.
The opinion concludes that BIPA is enforceable against out-of-state companies that intentionally direct data collection activities toward Illinois residents, and that the statute does not impose an unconstitutional burden on interstate commerce given its focus on conduct occurring within or directed at the state.
Disclaimer: This is a summary of an Attorney General opinion provided for informational purposes. AG opinions represent the legal interpretation of the issuing office and do not constitute binding judicial precedent. Consult a qualified attorney for legal advice.