The Massachusetts Senate ordered S.2608, the Massachusetts Data Privacy Act, to a third reading and passed the bill to be engrossed after a roll-call vote that recorded 40 members in the affirmative and none in the negative.

The bill, presented as Senate No. 2608 and amended on the floor, would create statutory consumer privacy rights — including access, correction, deletion, data-portability and the right to opt out of sales or targeted advertising — and would ban the sale of certain categories of sensitive data. "Who should own your data? You or the companies tracking you?" Senate Majority Leader Cynthia Stone Cream asked the chamber as she urged passage.

The bill includes a data-minimization requirement limiting collection to information reasonably necessary to provide a requested service; heightened protections for sensitive categories such as biometric identifiers, reproductive and health data, genetic information and precise geolocation; and explicit protections for minors, including a ban on the sale of children’s data and a prohibition on targeted advertising to minors. The bill also directs controllers to perform data-protection assessments for processing activities that present heightened risk and gives the attorney general enforcement authority under Massachusetts unfair- or deceptive-practices law (chapter 93A), including remedies up to $5,000 per violation, injunctive relief and restitution of profits.

Senators debated and the chamber adopted multiple floor amendments before ordering the bill to a third reading. Notable adopted amendments included:
- Amendment 4 (location protections): a ban on the sale of geolocation data for any individual physically present in Massachusetts;
- Amendment 42 (Rausch): requiring the attorney general to consider data breaches when deciding whether immediate enforcement is warranted during the bill’s interim notice period;
- Amendment 52 (Rausch): tightening language to prevent sales of sensitive data as defined in the legislation;
- Amendment 14 (Lewis): provisions enabling opt-out from targeted advertising;
- Amendment 24 (Friedman): affiliate rules as read into the record;
- Amendment 16 (Tarr): an internal-operations exemption permitting internal transfers and processing within entities that collected the data; and
- Amendment 36 (Fernandez): requiring notice and opt-out mechanisms in mergers and acquisitions so users remain protected if data controllers change ownership.

Senators also offered and debated many other amendments; several were rejected or withdrawn on the floor. In floor remarks, Senator Michael O. Moore described the bill as necessary consumer-protection legislation and warned of harms from expansive corporate data collection and weak safeguards. Senator Barry R. Feingold and others emphasized protections for minors, while Senator John F. Keenan and others urged balancing privacy with business and research uses of data.

The clerk called the roll and recorded 40 votes in the affirmative, none in the negative; the chair announced that the bill was passed to be engrossed and ordered to a third reading. The record shows the chamber adopted the Ways and Means substitute amendment and a series of floor amendments before the roll call.