January is Data Privacy Month, and therefore an appropriate time to remind readers why it is important to stay vigilant regarding what information companies collect, use and share with third parties who can track your devices and send a barrage of targeted ads and otherwise intrude on your privacy. As early as 2012 in United States v. Jones, the Supreme Court recognized that “with GPS information, the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations’” and therefore a warrant is necessary to obtain one’s cellphone history. Carpenter v. United States, 585 U.S. 296, 311 (2018), citing and quoting United States v. Jones, 565 U.S 400, 415 (2012) (opinion of Sotomayor, J.) This issue has become increasingly important in recent years as our digital footprint expands and the technology to collect it becomes more sophisticated.

Underscoring the threats posed by data collection, on January 17, 2025, the Supreme Court upheld the Protecting Americans From Foreign Adversary Controlled Applications Act, requiring TikTok’s Chinese parent company to divest its interest in TikTok or face a U.S. ban, citing security concerns arising out of the app’s data collection practices. However, on January 20, 2025, President Trump’s first day in office, he signed an executive order preventing the ban from going into effect for an additional 75 days. This remains a fluid situation, and it is unclear whether this executive order will be upheld as a valid use of executive power or whether TikTok will be sold to a non-Chinese owner. Additionally, in recent years, Meta has been under scrutiny for selling users data, thrusting data privacy into the limelight.

Having strong data privacy systems is especially important as a defense against hackers, who post information on websites that, at best, is inaccurate, and then demand money in exchange for returning accounts to their rightful owner. Even nonprofits are not immune from data privacy breaches, as discussed in our Nonprofit’s Guide to Data Privacy Breaches.

The issue of data privacy is closely related to the right of publicity, which protects your name, likeness, and image. These rights vary state by state, but in Illinois, identity is defined to mean “any attribute of an individual that serves to identify that individual to an ordinary, reasonable viewer or listener…” (765 ILCS 1075/5) To read more about states’ consumer privacy laws and their common features, see our Comprehensive State Consumer Privacy Law Insight.

These issues are particularly relevant to young children and teenagers, and the Children’s Online Privacy Protection Act was passed in 2013 in response to this issue. It protects children under 13 years old by restricting the data websites can collect and imposes liability on specific websites that knowingly collect their information. However, enforcing age registrations can be difficult, especially when children are often more technologically proficient than their guardians.

In the absence of comprehensive state consumer privacy laws, the proposed American Privacy Rights Act (APRA) is the most recent effort by Congress to create a comprehensive consumer privacy law.

At Lutzker & Lutzker, we help businesses, organizations and individuals navigate complex privacy laws, adapt to evolving requirements and follow best practices. We review and prepare privacy policies compliant with specific state or federal laws, create internal data protection policies and guide clients on international data transfer issues. We also have experience navigating the labyrinths that Facebook and other online platforms have put in place to make the return of websites and social media to their rightful owner unnecessarily challenging. Contact us to learn how we can help you or your organization stay compliant and maintain trust with your audience.