Tell Rep. Tricia Farley-Bouvier: Strengthen the MA Data Privacy Act!
The Massachusetts Data Privacy Act (MDPA), S. 2619, passed in the Senate and is now closer than ever to becoming law - but it needs to be stronger.
Representative Tricia Farley-Bouvier, Chairperson of the Joint Committee on Advanced Information Technology, the Internet, and Cybersecurity, is drafting a House comprehensive data privacy bill process. She faces significant pressure from businesses who want to weaken privacy protections.
She needs to hear from YOU, Massachusetts residents who want the strongest privacy protections in the United States. Please write to her office and call (617) 722-2676 to voice your support for the MDPA.
What’s Happening With Your Data Right Now
Every time you use your phone to check the weather, find a restaurant, or search for health information, companies are collecting your data. They’re tracking where you go, what you search for, and even your private communications. These companies then sell your personal and sensitive information to unregulated data brokers who profit from violations of your privacy.
This means:
Your location data could be purchased by stalkers, hackers, or even foreign adversaries tracking military personnel.
Immigrants’ data is accessed by ICE to track, surveil, and deport them, violating the Constitution.
Children’s information is being collected and sold without parental knowledge.
Your medical searches, financial information, and private messages are being packaged and sold for profit.
The MDPA would finally give Massachusetts residents control over their personal information. It would also prohibit the sale of location data for everyone in the state, not just residents, which protects those seeking reproductive or gender affirming health care in MA.
Three Things the MDPA Must Include
| Real Data Minimization | Ban the Sale of Sensitive Data | Private Right of Action |
| What it means: Companies can only collect personal data that is reasonably necessary and sensitive data that is strictly necessary to provide the service you requested. Why it matters: Companies collect massive amounts of “extra” data that has nothing to do with their service, just so they can sell it on the side for extra profit. Data minimization means your private information stays private. What we need: The current bill has significantly curtailed the category of sensitive data. While it includes protections for health information, geolocation and biometric data, protections for financial data, private communications, web searches and a lot more, have been removed. | What it means: Companies cannot sell your most personal information - like your health data, precise location, biometric information, children’s data, or immigration status.
Why it matters: There’s no good reason why companies should profit from selling your medical history, tracking your movements, or revealing your online activity. This information should never be for sale, period. What we need: Bill S.2516 included this ban, but industry lobbyists convinced Ways and Means to strip it out so it is not present in S.2619.We need the House to ban the sale of sensitive data. | What it means: If a company violates the law, you (or an organization representing you) can sue them directly. You don’t have to wait for the Attorney General to act.
Why it matters: The AG's office doesn’t have the time or resources to catch every violation, especially now when they are constantly suing the Trump administration. Without a private right of action, big companies will simply ignore the law because they know enforcement is unlikely; a PRA makes companies actually follow the law. What we need: The Senate bill removed the private right of action entirely. This MUST be added back into the House version, or the law will have no teeth. |
Sponsored by
