United States of America: Act establishing the Massachusetts Data Privacy Act (SD 267) was introduced to the Senate

On 10 January 2025, an Act establishing the Massachusetts Data Privacy Act (SD 267) was introduced to the Massachusetts Senate. The Act aims to enhance data privacy protections for residents and introduce measures to regulate how entities collect, process, and transfer personal data, promoting greater transparency and control for individuals over their data. The Act defines "covered data" as information linked to an individual, excluding de-identified or publicly available information. "Covered entities" are organisations that process such data, excluding certain small businesses and nonprofits. Sensitive covered data would be protected, which includes information including social security numbers, precise geolocation, and biometric data. Entities would be prohibited from processing sensitive data for targeted advertising and would need to obtain explicit consent for its collection and transfer. Further, the Act would enable individuals to access their data, correct inaccuracies, and request deletion. Individuals would also be able to opt out of data transfers, targeted advertising, and profiling. Lastly, the Act would prohibit entities from engaging in targeted advertising to individuals known to be minors.