Massachusetts Senate Bill S2770 (The Massachusetts Data Privacy Act)

Written By Shriya Srikanth

Introduction 

Massachusetts Senate Bill S2770, also known as the “Massachusetts Data Privacy Act,” proposes a new framework to regulate data collection and use by businesses to handle consumer data and empower individuals with greater control over their personal information. This bill was introduced by the Advanced Information Technology, the Internet and Cybersecurity and sponsored by Senator Cynthia Stone Creem and Senator Jason M. Lewis. 

Key Provisions:


Requires covered businesses to: 

  • Implement reasonable safeguards to protect personal information. Requires businesses to have a data retention period. 

  • Provide consumers with clear and conspicuous notices about data collection practices, including the purpose, use, and potential disclosure of their information. 

  • Honor consumer requests to access, correct, delete or opt-out of the sale or sharing of their personal information to third parties. Individuals can opt for targeted advertising and utilize their profile for automated decisions. Covered entities and service providers must provide clear mechanisms for individuals to exercise their rights. 

  • Limit the use of sensitive personal information for specific purposes and with additional consumer consent. 

Establishes a Data Protection Commision to oversee the Act’s enforcement, including creating rules, conducting investigations, and imposing penalties for violations. 

Potential Impacts: 

  • Increased Consumer Control: Consumers will have greater Control over their personal information. Including the ability to access, correct, and delete data. 

  • Enhanced Business Accountability: Businesses will need to implement robust data security practices and obtain informed consent for data collection and use. 

  • Potential for Regulatory Burden: Businesses may face compliance costs associated with implementing the Act’s requirements.  

  • Uncertain Impact on Innovation: The Act’s impact on data-driven innovation within the state’s business community remains to be seen.  

  • Limited Application: The Act does not apply to health information protected by HIPAA and biometric information used for medical or research purposes. 


FYI, here’s the Massachusetts Legislature Bill S.2770:

https://malegislature.gov/Bills/193/S2770

Shriya Srikanth
Previous

Policy Brief: Illinois Senate Bill 3517 (The Privacy Rights Act)