The Massachusetts Consumer Data Privacy Act proposed in this bill establishes a comprehensive framework for consumer data protection, emphasizing the necessity of obtaining "Affirmative Consent" from consumers before collecting or processing their personal data. It defines key terms such as "Affiliate," "Consumer," and "Personal Data," and outlines consumer rights, including the ability to refuse consent and access, correct, delete, or opt out of data collection. The bill also categorizes sensitive data, such as health-related and geolocation information, which require heightened protection, and sets guidelines for the permissible sale and processing of personal data by businesses.

Additionally, the bill introduces regulations for targeted advertising, requiring businesses to provide clear disclosures and respond to consumer requests in a timely manner. It allows consumers to designate authorized agents to act on their behalf and mandates that controllers verify identities. The bill also requires data protection assessments for high-risk processing activities, which must be reported to the attorney general. Furthermore, it addresses the handling of de-identified data, ensuring technical measures to prevent re-identification, and grants the attorney general enforcement authority, including the ability to impose penalties for violations. Overall, the act aims to enhance consumer privacy protections and promote responsible data management practices in Massachusetts.