One Step Closer to a Massachusetts Data Privacy Law: Comparing the Current House and Senate Bills | State AG Insights

Staff Editor 2026-06-17
One Step Closer to a Massachusetts Data Privacy Law: Comparing the Current House and Senate Bills | State AG Insights

One Step Closer to a Massachusetts Data Privacy Law: Comparing the Current House and Senate Bills | State AG Insights

https://foleyhoag.com/news-and-insights/blogs/state-ag-insights/2026/june/one-step-closer-to-a-massachusetts-data-privacy-law-comparing-the-current-house-and-senate-bills/

Publish Date: 2026-06-17 15:31:00

Source Domain: foleyhoag.com

Applicability Persons conducting business in Massachusetts and producing products/providing services targeting Massachusetts residents that in the year prior:

  1. Collected/processed data of ≥100,000 consumers;
  2. Derived gross revenue of ≥$100,000 from personal data sales;
  3. Collected/processed any sensitive data
Persons that in the prior year:

  1. Collected/processed data of ≥60,000 consumers;
  2. Collected/processed personal data of ≥20,000 and derived 20% gross revenue from personal data sales;
  3. Collected/processed/transferred reproductive/sexual health data
Private Right of Action Private right of action against large data holders via 93A; no private right of action for non-large data holders (exclusive AG enforcement)
“Large data holder” is defined as a controller or processor that in the most recent calendar year collected, processed, or sold:
(1) personal data of more than two million consumers (excluding personal data collected and processed solely for billing); or
(2) sensitive data of more than 200,000 consumers. No private right of action —only AG has enforcement powers Data Minimization Collection of personal data should be “reasonably necessary and proportionate … consistent with the reasonable expectation of the consumer,” evaluated by a four-factor balancing test. Collection of personal data should be “reasonably necessary to provide or maintain a specific product or service.” Sensitive Data — Definition
  • Data revealing certain types of information about a consumer (including race, nationality, immigration status, religious beliefs, sex life, sexual orientation, status as transgender/non-binary, union membership, status as crime victim, veteran status)
  • Data revealing certain health data (including gender-affirming, reproductive, or sexual health data)
  • “Consumer health…

Source

More Stories

ALPR Network Faces Lawsuit Over Alleged California Privacy Violations And Data Sharing

ALPR Network Faces Lawsuit Over Alleged California Privacy Violations And Data Sharing

Staff Editor 2026-06-20
Nancy Guthrie’s Facebook Privacy Settings Changed After Her Disappearance

Nancy Guthrie’s Facebook Privacy Settings Changed After Her Disappearance

Staff Editor 2026-06-20
What Tom Holland’s marriage reveal says about commitment and privacy

What Tom Holland’s marriage reveal says about commitment and privacy

Staff Editor 2026-06-20

Terms and Conditions - Privacy Policy