REPORT: States are getting Fs for privacy

Media Contacts

Massachusetts has opportunity to earn A and protect consumers’ personal data

 BOSTON – Nearly half of states that have passed consumer privacy laws get a failing grade for protecting consumers’ data, finds a new scorecard report from MASSPIRG Education Fund and Electronic Privacy Information Center (EPIC). Massachusetts is currently considering a bill that would earn an A for protecting consumers’ personal data, and be the strongest in the nation.

Tech, financial, retail, travel, streaming, and other companies’ harvesting of personal information including demographics and browsing and search history has attracted more attention in recent years. Over 80% of Americans are concerned how companies collect and use their data.

The more data companies collect, and the more other companies they share it with, the more likely it is that your information will be exposed in a breach or a hack and end up in the hands of identity thieves, scammers, or on robocall lists.

“The best thing for consumers is minimizing the amount of information companies are allowed to collect upfront,” said Deirdre Cummings, Consumer Program Director, MASSPIRG Education Fund. “The easiest data to keep secure is data that isn’t collected in the first place. Unfortunately, there’s not a consumer privacy law in the country that does this as well as it should. The consumer privacy laws that are passing in most places are a bad deal for consumers.”

Since 2018, 44 states have considered consumer privacy bills that purportedly aim to protect consumers’ security and privacy. Many of these bills, however, have been heavily influenced by companies such as Amazon, leading to significantly weakened consumer protections across the country.

Massachusetts currently has the most comprehensive state data security law in the country, but has yet to pass a comprehensive consumer privacy law. The Massachusetts Data Protection and Privacy Act, H.83 & S.25 filed by Sen. Creem and Rep. Vargas would require companies to limit data harvesting to only what’s necessary to deliver the service a consumer is expecting to get, better protecting consumers’ security and privacy than any comprehensive privacy laws that have been passed to date. This bill would earn an A on the scorecard.

“I was proud to file the Massachusetts Data Privacy Protection Act (MDPPA), because our current data privacy protections are nowhere near adequate and leave us vulnerable to bad actors using our data in predatory ways,” said Senate Majority Leader Cindy Creem (D-Newton). “This legislation is an opportunity for Massachusetts to lead in this area and protect our residents’ personal information from being exploited.”

“The Massachusetts Data Protection and Privacy Act would set a strong national precedent,” said Caitriona Fitzgerald, deputy director of EPIC. “Massachusetts has the opportunity to disrupt the national trend of bad privacy bills and be a real leader.”

The Massachusetts Data Privacy and Protection Act is pending before the Joint Committee on Advanced Information Technology, the Internet and Cybersecurity.


Reminder for reporters: Join the authors of the report as they release their findings and take questions on a national webinar today at 1pm ET.

Zoom – register here for link: