The Massachusetts Consumer Data Privacy Act establishes a comprehensive framework for the protection of consumer data, defining key terms such as "consumer," "personal data," and "sensitive data." The Act requires consumers to provide clear and informed affirmative consent before their personal data can be collected, processed, or sold, and mandates accessible disclosures for consumers, particularly those with disabilities. It identifies sensitive data types, including health-related information and precise geolocation data, which require enhanced protection. The bill also outlines the obligations of large data holders and aims to enhance consumer privacy rights while holding businesses accountable for their data handling practices.

Additionally, the bill introduces regulations for targeted advertising and the handling of personal data, specifying consumer rights to access, correct, delete, and opt out of data collection. It mandates timely responses to consumer requests and prohibits discrimination based on protected characteristics. Controllers are required to verify the identity of consumers and their authorized agents, limit data collection to necessary information, and maintain robust data security practices. The legislation also emphasizes the importance of data protection assessments, which must be documented and submitted to the attorney general, ensuring transparency and compliance. Overall, the Act aims to enhance consumer privacy rights and establish clear guidelines for data handling in the digital age.