Massachusetts Information Privacy Act (MIPA) – Privacy Bill

The Massachusetts Senate is currently in the process of preparing perhaps the strongest privacy law in the US – the MIPA. The Massachusetts Information Privacy Act aims to build on some of the other regulations introduced in states like Virginia (CDPA) and California (CCPA) while increasing the scope and severity of penalties for non-compliance.

Let’s dive into the details of what the MIPA could look like, including how it will impact businesses and residents of the state.

The History of Privacy Laws in MA | Massachusetts Information Privacy Act

This is not the first time that Massachusetts has been a trailblazer in terms of privacy laws. For example, it passed one of the country’s first – and most comprehensive – regulations for data security.

The state's goal has always been to hold companies accountable for the privacy of its residents, and it continuously takes steps to advocate for data security and safety measures. That's why it is no surprise that the proposed MIPA presents a significant jump in standards for privacy laws in the United States.

In other words, if the MIPA were to pass, it could create a precedent for similar laws in other states.

Increasing the Breadth of Privacy Regulations

So, what is the primary goal of the Massachusetts Information Privacy Act? An essential aspect of this regulation is that it expands the scope of data privacy laws and further shelters its residents from continuous surveillance.

It specifically regulates the data practices of larger companies, which many other data security laws fail to completely include within their scope. For instance, the collection and processing of users' browsing history to create targeted marketing campaigns would be regulated under the MIPA.

Similarly, the Massachusetts Information Privacy Act is the first to address technology that combines GPS, sensors, facial recognition, and other extremely sensitive data to track users. It is no secret that some of these companies are using our voices, faces, and location to drive their business, but this also presents a significant risk for harm or misuse.

How can you prevent a stalker or harasser from leveraging this information for their benefit? What about employers that can collect similar data to surveil their employees and invade their privacy? Where do you draw the line?

Under the MIPA, this type of invasive surveillance would be significantly restricted. It would close off the market for buying and selling location data at the source, as it will prevent companies from engaging in these types of transactions.

The MIPA also increases the state’s ability to investigate and prosecute any violations. The law will establish the Massachusetts Information Privacy Commission, and its purpose is to enforce the MIPA, investigate complaints, and serve as a point of contact for residents to seek damages.

The Need for Consent | Massachusetts Information Privacy Act

Another critical component of the MIPA is the need to obtain consent before gathering certain data. The law asserts that users have a right to privacy – which means that companies cannot collect biometric data or location history without a user’s consent.

The MIPA has major implications for companies like Amazon. They would need to get written consent from users before using their home security technology that leverages facial and voice recognition. Simply put, tricking users into clicking a button that says ‘I Agree’ is not good enough.

The duty of confidentiality outlined in the law would also place a greater burden on these large corporations that collect and process personal data. They would be held accountable for safeguarding that information and maintaining confidentiality. This means they cannot sell your data to a third party if they do not have a contractual obligation to maintain the same standards.

The duty of care applies to keeping your information safe from hackers and other third parties. They will also be required to act in the best interest of their users, which could eliminate instances of self-dealing and other conflicts of interest.

Giving Users Power Over their Data

The Massachusetts Information Privacy Act also aims to give users more power over their data. It would grant residents the right to access, correct, and delete their data from a company database at any time.

Think about how harmful it could be if a company incorrectly attributed a user’s profile to someone with a poor financial history or a criminal background. This section of the MIPA allows users to correct inaccurate information and delete irrelevant data.

It also means that companies would need to make it easier for you to delete an account, decline their attempts to collect data, and understand what information is gathered. They will no longer be able to rely on confusing choices or time-consuming processes that benefit them – at the user’s expense.

The civil penalties for failing to give users these powers are on par with the GDPR in Europe, which demonstrates significant strides towards holding large corporations like Amazon and Facebook accountable.

