A legislative committee is recommending passage of a sweeping internet privacy rights bill.
The Joint Committee on Advanced Information Technology, the Internet and Cybersecurity, chaired by Andover Sen. Barry Finegold and Methuen Rep. Linda Dean Campbell, voted 12-0 to advance the Massachusetts Information Privacy and Security Act originally sponsored by Rep. Andy Vargas and Senate Majority Leader Cindy Creem. If passed, the bill would give residents greater control over personal information online and establish standards for how companies can collect, use, retain and sell personal information.
Finegold said, “Online privacy and security issues are only going to get more important, and we need to take proactive measures to ensure new technologies are used responsibly. In the absence of federal action, we can enact meaningful reforms in the Commonwealth and help clarify the rules of the road for businesses.”
The Committee was established a year ago and received testimony on data privacy issues at its Oct. 13 hearing. Finegold and Campbell identified data privacy legislation as their top priority for this session. The bill marks the first time comprehensive data privacy legislation has advanced out of a legislative committee in Massachusetts.
“The public is demanding that government act to protect their personal information from being shared without their knowledge and consent,” said Campbell. “This legislation begins the process of putting laws in place to protect the public. There is no doubt that more needs to be done at both the state and the federal level.”
The Committee said the absence of such a privacy law potentially allows companies to sell and publicize app data about sexual orientation, religious identity and health conditions; disclose personal information to fraudsters and identity thieves; allows advertisers to “relentlessly target consumers with intrusive personalized ads;” and permit stalkers to have geolocation data in real time.
If passed, the law empowers the Massachusetts Attorney General’s office with the powers to investigate, regulate and enforce the additions to consumer rights. The attorney general established a Data Privacy and Security Division in 2020. Under the proposed law, the Division would be further equipped to ensure that companies respect residents’ privacy rights and adhere to the foundational privacy principles enshrined in state law. It tailors compliance requirements to a company’s size, scope and conduct in order to reduce impacts on small businesses.
A dozen committee members voted favorably and five did not take a position. There were no Committee votes against the bill.