Massachusetts privacy bill puts location-data sales on the line

Precise location data may soon become much harder to sell in Massachusetts. The state House passed the Consumer Data Privacy Act in a 146-0 vote, after the Senate’s 40 members had already advanced their own version. The bills now move toward reconciliation in the Senate before heading to the governor.

The bill goes beyond a routine privacy notice. It would block companies from sharing or selling sensitive information without explicit user consent. That bucket includes health, genetic, and fingerprint data, precise geolocation, and markers tied to religion, immigration status, and sexual orientation. The threshold matters: companies handling personal data for more than 100,000 consumers would be covered, which reaches well beyond the largest platforms into the startup and ad-tech layers that trade on behavioral data.

Location data has been one of the clearest weak spots in U.S. privacy law. Apps can collect movement trails, developers can pass that data to brokers, and brokers can repackage it for buyers ranging from advertisers to government-linked customers. TechCrunch notes that the Massachusetts bill applies to residents and visitors, which could make it a broad state-level ban on location-data sales rather than a narrow consumer opt-out rule.

The timing is notable because the U.S. still lacks a national privacy law, and a federal push to ban the sale of sensitive Americans’ data was scrapped under the Trump administration. State law is filling that gap one jurisdiction at a time. If Massachusetts keeps the bill’s location-data language intact through final passage, AI ad targeting, mobile analytics, and data-broker workflows will need a new compliance path for one of the country’s most commercially important states.