Technology

Data privacy in Illinois: What Chicago Consumers Should Know About Biometrics and Tracking

By admin | January 29, 2026 | 10:26 am | No Comments

Chicago runs on speed: Tap to pay, scan your ticket, unlock the door, and keep moving. This speed also makes data collection feel normal, because the “yes” happens fast and the fine print is easy to miss. 

In Illinois, especially in a surveillance-heavy city like Chicago, the real issue is consent, not convenience. Biometrics are permanent, and tracking is often invisible, so the burden should be on the business to explain what it is doing. Here’s what Chicago consumers should know about biometrics and tracking, and the practical steps that protect you.

Start with BIPA, and know what “biometric” actually means

Illinois’ Biometric Information Privacy Act, or BIPA, is the big one. It applies when a private company collects or stores things like fingerprints, scans of face geometry, or voiceprints. 

A company should not treat your body like a password that it can copy and keep. Expect written notice, a clear purpose, a clear retention timeline, and a written release before collection starts. If you want to see how evidence-backed investigations turn privacy harms into accountability, check out Companies Behaving Badly.

Notice and consent should be specific

BIPA expects clear written disclosure and a written release, not a rushed tap-through with no details. Watch for tiny signage, forced “agree” screens, or language that never states the purpose and time period. 

BIPA also restricts selling or otherwise profiting from biometric identifiers and information. If a company indicates that they share your data with partners, without naming who, ask for the policy link and take a screenshot before you decide.

Spot the quiet biometric moments in daily life

In Chicago, biometrics can show up in places that do not seem high-tech. Think building lobbies with face access, employer time clocks, stadium entry lanes, hospital check-in kiosks, and customer service lines that create a voiceprint. 

BIPA is meant to give you control, not to surprise you after the fact. Ask what is being captured, who stores it, and whether a third-party vendor runs the system. Ask how long it is kept, and how deletion works. If the answer is fuzzy, treat that as a red flag.

Tracking is bigger than biometrics, and your phone is the main target

Even with no face scan, tracking can happen through location data, advertising IDs, Wi-Fi connections, Bluetooth beacons, and pixels inside apps and emails. A store can link device signals to purchases via loyalty programs and card transactions, then build a profile for ads, risk scoring, or personalized pricing. 

Be sure to reduce what you share by default. Set the location to “while using,” turn off background access you do not need, reset your ad ID, and disable Bluetooth when you are not pairing devices. Be cautious with free Wi-Fi, especially when logging into accounts.

Use a data diet that cuts exposure without killing convenience

You will not outsmart every tracker, but you can shrink what you hand out. Keep fewer accounts, and delete the ones you do not use. Use separate emails for shopping and banking. Decline “upload contacts” prompts unless the feature truly needs it. Be sure to also turn off background location for apps that do not map your route. 

Additionally, use passkeys or a password manager, and enable two-factor authentication on your primary email first. These moves reduce the risks when a company is sloppy or when a vendor is breached.

Prepare for breaches

Illinois has a breach notification law, so you may get a letter or email when certain data is exposed. Do not treat that notice like junk mail. Read what was affected, when it happened, and what the company believes was taken. 

You should then change passwords that match the affected account, and turn on multi-factor authentication. Review recent bank and card activity. Make sure to freeze your credit if sensitive identifiers may be involved. You should also save the notice and your actions because dates matter. 

Additionally, if monitoring is offered, read what it covers, enroll promptly, and cancel before any paid renewal. If you spot fraud, you should dispute it fast and keep every case number.

Escalate with documentation

Privacy complaints go further when they are specific. Screenshot the consent screen, and save the privacy policy version you were shown. Write down the date, place, and device used. 

If biometrics are involved, BIPA is a tool people use to demand accountability, and it has been enforced through lawsuits as well as public pressure. For non-biometric tracking, report deceptive practices to the business, then to regulators when appropriate. You can also consider legal advice if harm is real.

Endnote

Illinois has unusually strict rules around biometric collection, including written notice, a written release, and a retention and destruction policy. Illinois also expects certain entities to report data breaches to the Attorney General in addition to notifying affected residents. Recent amendments to BIPA (SB 2979, signed August 2, 2024) clarified electronic consent and aimed to limit damages accrual on a per-person basis.

 

Related Posts

Why Every Camper Should Carry an LED Torch in the Aussie Bush
The Aussie bush has a way of changing its tune the moment the sun dips below the horizon. What felt...
Best Software Solutions Companies Driving Digital Innovation
In today’s rapidly evolving digital economy, every forward-thinking organization depends on a reliable software solutions company to stay competitive, scalable,...
Digital Security for Creators: Protecting Your Work Online
The digital world’s growth highlights the urgent need for digital security for artists and creators. Online platforms and digital showcases...