The Software & Information Industry Association (SIIA) has expressed concerns about the Massachusetts Information Privacy and Security Act (MIPSA) in our written testimony on Senate Bill S.227.
SIIA argues that MIPSA’s definitions, particularly of “sale” and “targeted cross-contextual advertising,” create confusion, encompassing advertising in various provisions and unnecessarily complicating the bill. Departing from existing norms, the inclusion of separate definitions for “targeted cross-contextual advertising” and “targeted first-party advertising” is criticized for its narrow scope and potential harm to first-party retargeting.
Moreover, MIPSA deviates from US privacy laws by importing GDPR principles, leading to compliance challenges for businesses. Plenary rulemaking authority granted to the Attorney General and a private right of action are deemed problematic. The former introduces a “moving target” for compliance, and the latter, based on studies, is seen as a tool to harass businesses without substantial benefit to consumers.
The SIIA urges reconsideration of these aspects, emphasizing the potential negative impact on businesses and innovation in Massachusetts.