Congress sold out your online privacy. Illinois doesn't have to follow.

 This was originally posted as an Op Ed on Crain's Chicago Business by Derek Eder, a DPA Board Member.

With the rollback earlier this month of consumer protections at the Federal Communications Commission, your internet service provider is now free to sell your browsing history, geolocation and financial details to anyone—without your knowledge or permission.

After an outcome like this, it's easy to feel discouraged. You're unable to walk away from your internet provider and powerless to have your voice heard in Washington.

Fortunately for Illinois residents, there's statewide legislation under consideration that would protect our online information with the "Right to Know" (HB 2774) and "Geolocation Privacy Protection" (HB 3449) bills.

Despite the public outcry to the recent FCC changes and the clear need to protect Illinois consumers in the digital age, I was disappointed to see Todd Maisch, president and CEO of the Illinois Chamber of Commerce, voice his opposition to these much-needed protections. In his recent opinion piece, Mr. Maisch argued that these bills would be burdensome for small businesses and tech startups. As the owner of a small business in the tech industry as well as a longtime member of Chicago's startup hub 1871—and thus a part of the very constituency Mr. Maisch is claiming to speak for—I wholeheartedly disagree.

The "Right to Know" act requires companies to be transparent about what personal data they collect from users and who they sell it to. In an age where billions of email, text and Slack notifications are sent every day, asking companies to notify users in this additional case is both easy to implement and the respectful, moral thing to do.

The "Geolocation Privacy Protection" bill requires companies to simply get your permission before using and sharing the geolocation data they collect when tracking your whereabouts. (Did you know that at present they don't even have to ask in order to track you?) If your app or service doesn't use geodata, then no changes are needed. Those that do need only to get your permission the first time you engage with them, and they just need to add a few details to their already-required privacy policy to say what they'll do with the data.

It's important to realize that transactions involving your personal information are different from transactions involving physical property. After you spend cash or transfer ownership of property, you walk away from it. When you trade personal information, there's no walking away. The data you've handed over remains connected to you and there's a good chance you will never be able to delete it.

The Wild West, anything-goes Era of the Internet is ending, and it's time for the technology industry to grow up and take responsibility for the awesome power we now have over people's personal lives. It is no longer acceptable for technology companies to violate the trust their users have put in them by abusing consumers' privacy and shamefully hiding the fact that they are doing so. These two consumer privacy bills are a strong step in the right direction.

In the 1970s, the auto industry vehemently resisted seat belt regulations, claiming they would raise prices and cost jobs. Sound like a familiar argument? In the end, the auto industry came around because a safer product is a better product, and frankly, their customers demanded it.

The same applies to Illinois and the position it must take when it comes to privacy. Enhancing consumers' privacy by making data collection practices more transparent will not hamper the ability for small businesses and tech startups in Illinois to thrive— in fact, it will do just the opposite.