A PYMNTS Company

Massachusetts Lawmakers Unanimously Pass Comprehensive Privacy Protections

 |  June 9, 2026
Banks Harness AI as Weapon Against Rising Tech-Fueled Fraud

Massachusetts is poised to become the 21st state to enact comprehensive privacy protections after the state House voted 146-0 this week to pass the Consumer Data Privacy Act. The House vote follows a similarly unanimous approval of a separate privacy bill by the Senate back in September. According to TechCrunch, the two bills will now be combined in the Senate before being sent to the desk of Gov. Maura Healey, who is expected to sign it.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The statute will apply to companies that handle or process the personal data of more than 100,000 consumers, a higher threshold than some other state privacy law, but low enough to capture midsized startups and enterprises as well as Silicon Valley tech giants.

    Like the California Consumer Privacy Act, the Massachusetts law would prohibit the sale or sharing of sensitive information without an individual’s consent, including biometric and health data, as well as data containing markers of their religion, immigration status and sexual orientation. It also provides residents the right to know, delete and opt out of certain data uses. Unlike similar statues in other states, however, the Massachusetts law provides consumers a private right of action against large data collectors in certain circumstances.

    WHAT’S NEXT IN TECHREG™

    The Bay State’s statue also goes farther than many other states in banning the sale or sharing of users’ precise location data, whether they are residents of Massachusetts or merely visitors. By covering out-of-state as well as in-state users, the provision effectively amounts to a blanket ban on the sale of precise location data collected anywhere in the state.

    Per Startup Fortune, that provision could create a significant compliance risk for many startups and enterprises that collect or resell precise location and movement data, such as retail foot-traffic analytics firms, audience measurement services and advertising agencies.

    Read more: EU-US Data Privacy Framework Facing New Stress as Old Questions Resurface

    The sale of location data has long been a flashpoint in the privacy debate. Data brokers have long relied on app developers to sell their users’ location data, which they then repackage and resell. The issue has recently taken on greater significance, however, amid revelations that ICE and other federal immigration agencies have been purchasing commercially available location data to target individuals in lieu of warrants.

    With nearly half the states enacting comprehensive privacy protections pressure is mounting on Congress to pass federal privacy standards that would apply nationwide. The Biden administration came close to establishing federal privacy regulation with a rule subjecting data brokers to adhere to the same restrictions on the sale or disclosure if sensitive personal and financial data as apply to other consumer reporting agencies, such as credit bureaus. But the Trump administration scrapped the rule shortly after taking office.

    Per TechCrunch, privacy-focused organizations generally welcomed the Massachusetts measure. Evan Greer, director of the Fight for the Future advocacy group, called the bill “a major step toward cracking down on Big Tech’s surveillance abuses.” The American Civil Liberties Union issued a statement applauding Massachusetts for being a  “leader in protecting personal privacy and curbing digital surveillance.”