State lawmakers in Massachusetts have advanced a data privacy bill that “enshrines core internet privacy rights, protections, and standards” in the state.
If the bill, the Massachusetts Information Privacy and Security Act (MIPSA), passes, Massachusetts would join states like California, Colorado, and Virginia that have passed state-level data privacy laws in the absence of one at the federal level.
The Massachusetts Legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity advanced the bill out of committee last week. The bill will now likely go through the joint Ways and Means Committee, according to the Boston Globe, although it isn’t clear when exactly it would be considered.
Specifically, lawmakers say the bill would allow for Massachusetts residents to opt-out of the sale of personal information and targeted advertising online; limit how companies can use or disclose information like their biometric data, location data, or racial data; and give residents the right to access, delete, correct, or transport personal information that a company collected about them.
It also requires companies to provide “clear, easy-to-understand privacy notices” that spell out how users’ personal information is collected, used, and sold and gives the state’s attorney general’s office the power to impose penalties for violations of the law, and require opt-in consent for most sales of sensitive information, among other things.
“Online privacy and security issues are only going to get more important, and we need to take proactive measures to ensure new technologies are used responsibly,” Senate Chair Barry Finegold said in a statement. “In the absence of federal action, we can enact meaningful reforms in the Commonwealth and help clarify the rules of the road for businesses. MIPSA is an important step in the right direction: the bill affirms foundational privacy principles and develops an adaptable, enduring regulatory framework.”
Kade Crockford, the director of the technology for the liberty program at the ACLU of Massachusetts, told the Boston Globe that as the bill progresses through the state’s legislature she hoped that it would continue to keep provisions that require companies to “obtain consent before collecting unlimited information about us, prohibit the current free-for-all market of sensitive information like our location and biometric data, and allow Massachusetts residents to have their day in court if companies violate the law.”
The bill comes as there is clearly an appetite in the United States for data privacy laws. A recent poll from Morning Consult and Politico found that 56% of registered voters either “strongly” or “somewhat” supported the passing of a law at the federal level that would “make it illegal for social media companies to use algorithms to determine the content users see based on personal data social media companies have collected from them.”
The support for such a bill was bipartisan, according to the poll. Meanwhile, a collation of public interest and advocacy groups recently delivered 24,000 petitions to Congress that outlined how people wanted a data privacy law that would make “the internet a better, safer place that enhances our democracy and where our rights are protected.”
Read more about internet rights
|ISPs won’t quit trying to derail California’s ‘gold standard’ net neutrality law
|A new bill might force data brokers to delete everything they have on you
|Congress barrels forward with EARN IT Act, determined to end encrypted messaging online
|FCC agrees to crack down on ‘sweetheart deals’ that restrict broadband choice in apartments, condos
|Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.