arrow_back
All Blog Posts
Newsletter
April 28, 2025

Concord Privacy News: 4/28/25

Massachusetts lawmakers consider comprehensive consumer privacy legislation; states grappling with divergent consent standards; Congress to investigate 23andMe's handling of sensitive data.

Massachusetts Lawmakers Consider Comprehensive Consumer Privacy Legislation

Massachusetts is once again at a crossroads in consumer privacy protection as lawmakers evaluate several comprehensive privacy bills during the current legislative session. A hearing before the Joint Committee on Advanced Information Technology, Internet and Cybersecurity on April 9, 2025, brought together stakeholders to discuss the merits of competing approaches to privacy regulation in the Commonwealth.

Three primary privacy proposals are under consideration:

  • H.78 (Massachusetts Consumer Data Privacy Act)
  • H.80/S.33 (Comprehensive Massachusetts Consumer Data Privacy Act)
  • H.104/S.29/S.45 (Massachusetts Data Privacy Act)

A central debate has emerged around how Massachusetts should position itself within the growing "patchwork" of state privacy laws in the absence of federal legislation. The H.80/S.33 bill follows models already adopted by Connecticut, Rhode Island, New Hampshire, and 15 other states, emphasizing regulatory consistency across state lines.

In contrast, H.78 and H.104/S.29/S.45 contain more distinctive provisions, most notably a private right of action that would allow consumers to pursue legal remedies—a feature absent from many other state privacy laws.

Industry representatives voiced support for the H.80/S.33 approach during the hearing, arguing that alignment with neighboring states would create clear expectations for both businesses and consumers. They expressed concerns that a private right of action could burden small businesses with potentially frivolous litigation.

Advocacy groups and research centers countered by supporting H.78, suggesting that Massachusetts consumers may have unique privacy concerns different from those in neighboring states. They highlighted that the bill includes specific carveouts designed to shield small businesses from undue liability.

The Joint Committee has until June 8, 2025, to decide which, if any, of these privacy bills will advance in the legislative process.

Other Privacy News of Note

The Privacy Tug-of-War: States Grappling with Divergent Consent Standards

In recent years, the United States has seen a significant surge in adopting state-level data privacy laws. With the number of those laws now at 20 and counting, the states' laws have sought to impose additional and heightened requirements on certain types of data and specific data processing activities. Unlike general privacy obligations, these heightened protections reflect the increased risks associated with processing certain types of information, such as sensitive information and personal data of minors, and in engaging in certain actions with personal data, such as selling it, using it to engage in targeted advertising, and using it to profile individuals. Read more.

Congress to Investigate 23andMe's Handling of Sensitive Data

Following biotechnology company 23andMe's filing for bankruptcy, losing its CEO, and trying to find a buyer last month, the House Committee on Energy and Commerce launched an investigation into the genetic data company's handling of customers' personal information. On Friday, the committee sent a letter to 23andMe regarding selling people's sensitive information following its filing for Chapter 11 bankruptcy. Read more.

Product
Consent ManagementPrivacy RequestsData MappingIntegrationsSign InSign Up
Solutions
SoftwareE-CommerceFinancial ServicesGovernmentHealthcareStartupsOpen Source
Resources
PricingHelp DocsBlogRoadmapContact UsBook a MeetingAffiliate Program
Your Privacy Choices
Support CommitmentLeadershipMerch
Social
Concord Light Blue White Logo
© 2024 Concord Technologies Inc | All Rights Reserved | Website Privacy Policy | Disclaimer | SaaS Agreement | Data Protection Agreement |Affiliate Agreement