Technology news

Massachusetts Lawmakers Evaluate Online Data Privacy Bill | Tech News

BOSTON (AP) — A bill that would grant Massachusetts residents what supporters describe as basic internet privacy rights — including greater control over their personal information — is making its way through the Statehouse.

The bill, which would set standards for how companies can collect and sell personal information, was unanimously approved by the Advanced Information Technology Legislative Committee this week.

Supporters say the bill builds on similar efforts in Colorado, Virginia and California and would help modernize Massachusetts laws for the digital age. Critics warn that a patchwork of state-to-state regulations could unfairly burden companies trying to comply with the laws.

“Online privacy and security concerns will only grow in importance,” said Democratic State Sen. Barry Finegold, chairman of the Senate committee. “In the absence of federal action, we can enact meaningful reforms across the Commonwealth and help clear the rules of the road for business.

People also read…

An Associated Press poll last year found that most Americans don’t believe their personal information is secure online.

One change the bill would make would be to allow Massachusetts residents to opt out of the sale of personal information.

The bill would require companies to obtain consent for most sales of sensitive information – such as geolocation, biometric or racial data – and when selling the personal information of children under 16.

It would also give internet users the right to delete and correct the personal information a company maintains about them.

Under the proposed law, companies would be required to provide easy-to-understand privacy notices that detail how personal information is collected and sold and how residents can opt out. Businesses should conduct regular risk assessments for high-risk practices such as selling personal information and minimize the amount of personal information collected and retained.

The legislation would also allow the attorney general’s office to impose penalties of up to $7,500 per violation, ensure that state privacy laws keep pace with the times, and require those who buy and sell Internet data register with the Attorney General’s office.

According to Chris Gilrein of TechNet, a technology industry group, establishing rules for the internet state by state makes little sense.

“It’s not the Internet of Massachusetts or the Internet of New Hampshire or Connecticut. Ultimately, a federal privacy law is the only way to end the costly patchwork of state laws,” Gilrein said in a statement. “Federal law would give consumers confidence that their data is protected wherever they live while providing businesses, especially small businesses, certainty of their responsibilities.”

Without a federal standard, companies will face an expensive task of trying to comply with each new state law, Gilrein said.

Supporters said the Massachusetts bill would help the attorney general’s office ensure law enforcement aligns with similar laws in other states while protecting small businesses and minimizing excessive charges. to comply with the law.

“The public demands that the government take action to prevent their personal information from being shared without their knowledge and consent,” said Democratic Rep. Linda Dean Campbell, House committee chair.

A handful of other states have passed data privacy laws.

The California Consumer Privacy Act of 2018 was also intended to give individuals more control over the personal information collected by companies, including the right to know what information is collected and how it is used, the right to delete personal information and the right to opt out of the sale of their personal information.

The California Department of Justice began notifying companies found to be non-compliant with data privacy law in July 2020.

In its first year of enforcement, 75% of businesses took action to come into compliance within 30 days, as required by law, according to California Attorney General Rob Bonta. The remaining companies were still within the 30 day period or under investigation.

Last month, Bonta announced a survey of company loyalty programs that offer financial incentives, such as discounts, free items or other rewards, in exchange for personal information. He found that the companies failed to tell consumers how they used the information for the company’s financial benefit, as required by law.

“We may not always realize it, but these brick-and-mortar stores are collecting our data — and they’re finding new ways to profit from it,” he said.

Last year, Democratic Colorado Governor Jared Polis signed a similar bill giving people the right to access and delete personal information. The Colorado law, which also allows people to opt out of having their data tracked, profiled and sold, takes effect in 2023.

The Massachusetts bill still needs to be approved by the House and Senate and signed by Republican Gov. Charlie Baker before becoming law.

Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.