Communications Litigation Today was a service of Warren Communications News.
8 Bills

Mass. Senators See 'Urgency' for Passing Comprehensive Privacy Law

March 17, 2025 by Adam Bender|Top News

The Massachusetts Senate will try to reach consensus on comprehensive privacy legislation this spring, two state senators told us. Privacy Daily has counted eight comprehensive privacy bills so far in the Massachusetts legislature, with four apiece in the House and the Senate.

Massachusetts lawmakers failed to approve a broad privacy law in multiple previous sessions, but the Trump administration's activities could drive the state to finally act this year, Sen. Michael Moore (D) said in an interview last week. “With what's going on ... nationally with deregulation and not knowing … what rights are going to be preserved or what rights are not going to be preserved,” states must take responsibility of making sure we’re preserving some of the privacy rights for our citizens," he said.

The large number of Massachusetts privacy bills this year shows that "there’s going to be interest,” said Moore, the Senate chair of the Joint Committee on Advanced Information Technology. Moore's bicameral panel plans hearings to “really delve into what the differences are” among the bills, including one he sponsored. The committee originally planned a March 26 hearing; the tentative new date is April 9, he said.

“My colleagues and I are committed to working collaboratively to reach consensus on these important privacy measures,” Sen. Barry Finegold (D) told us in a written statement. “All four approaches recognize the urgency of establishing robust data protection for Massachusetts. Our goal is to craft a unified bill that provides the strongest possible privacy protections while also ensuring practicality for businesses.”

Moore’s S-45 and Senate Democratic Leader Cynthia Creem’s S-29 are the same bills. “Both are modeled after the 2022 federal American Data Privacy and Protection Act (ADPPA),” said Jordan Francis, Future of Privacy Forum policy counsel. Finegold’s S-301 “is a unique bill that incorporates elements from multiple frameworks,” including the California Consumer Protection Act, the Washington Privacy Act model that influenced Connecticut and many other states, and the General Data Protection Regulation (GDPR) lawful basis requirement, the FPF official said.

Meanwhile, with S-33, Sen. William Driscoll (D) has “a fairly standard, Connecticut-style bill, including the expanded protections for consumer health data and a duty of care to avoid heightened risk of harm to minors,” said Francis.

On the House side, H-104 by Rep. Andres Vargas (D) looks like the Moore/Creem bills, while H-80 by Rep. Kate Hogan (D) is like Driscoll’s bill. But two others don’t have copies in the Senate. H-78 by state Rep. Tricia Farley-Bouvier is based on a model bill by Consumer Reports and the Electronic Privacy Information Center (see 2501160057 and 2501210018). Meanwhile, said FPF’s Francis, H-1754 by Rep. Russell Holmes (D) “is modeled very closely on the GDPR.”

Moore believes his S-45 is a “very strong consumer bill” that’s now even more important because of what’s happening in the federal government. “Right now we’ve got Elon Musk in the White House … getting access to people’s personal information [and] we don’t really know what controls have been put on him or his staff,” the Democrat said. “So I think it's very important now that we try to pass a bill that's going to be strong and really protect people's privacy on your personal information.”

Connecticut had “a good first version” of a privacy law, said Moore, but Massachusetts should exceed its requirements since there’s been “more research” done since 2022, when the Connecticut bill was enacted. Moore added that other states passed laws afterward with additional protections.

Moore supports a private right of action, unlike Connecticut’s law and other state acts that followed. “If you only empower the attorney general … you’re going to have a resource issue” that may limit how many cases are pursued, he said. “Individuals should not have to sacrifice their privacy rights due to lack of resources.”

In addition, Moore supports requiring data minimization. “One way of helping to protect individuals' information is making sure that industries only have the … reasonable information that they need to operate.” Requiring registration for data brokers is another key component of good privacy legislation, he said. “We need to know who the data brokers are.”

Finegold highlighted two aspects of his S-301 that, he said, sets it apart from the other Senate bills. “Our bill includes a unique interoperability clause allowing for compliance with the law by displaying compliance with another privacy law of equal or greater protection,” said the senator: Additionally, S-301 “introduces a first in the nation right for first-party targeted advertising, addressing a growing privacy concern not covered in other proposals.”