offered by
related to

Massachusetts law about internet and online privacy

A compilation of laws, regulations, cases, and web sources on internet and online privacy law.

Table of Contents

Massachusetts laws

MGL c.4 s. 7 Definition of Public Record
MGL c. 66A Fair Information Practices Act
MGL c.214 s.1B Right to Privacy
MGL c.214 s.3B Violations of Chapter 66A; Statute of Limitations
MGL c.272 s. 99 Interception of Wire and Oral Communications

Massachusetts regulations

201 CMR 17 Standards for the protection of personal information of residents of the Commonwealth

801 CMR 3 Privacy and confidentiality

Federal laws

5 USC 552a Privacy Act
15 USC 6501-6506 Children's Online Privacy Protection Act
15 USC 6801 Gramm-Leach-Bliley Act [Privacy Rule]
18 USC 1030 Computer Fraud and Abuse Act
18 USC 2510-2521 Wiretap Act
18 USC 2701-2711 Electronic Communications Privacy Act

Federal regulations

16 CFR 312 Children's Online Privacy Protection Rule

16 CFR 313 Privacy of Consumer Financial Information

Selected case law

Cell phone searches

Carpenter v. United States, __ US __ (2018)
A warrant is required to obtain a suspect's historical cell phone location information. 
An "order issued under § 2703(d) of the [Stored Communications] Act, [ 18 U.S.C.S. § 2703(d)] is not a permissible mechanism for accessing historical cell-site records."

Commonwealth v. Augustine, 467 Mass. 230 (2014)
A warrant is generally required for historical cell site location information (CSLI). This information is a business record of the service provider, but the user of the phone still has a reasonable expectation of privacy in it.

Commonwealth v. Dorelas, 473 Mass. 496 (2016)
Police armed with a warrant to search a defendant's cell phone for communications were also permitted to search photograph files on the phone.

Commonwealth v. Estabrook, 472 Mass. 852 (2015).
A "request for historical CSLI [cellular site location information] for a period covering six hours or less does not require a search warrant in addition to a [18 USC] § 2703(d) order....This exception to the warrant requirement for CSLI applies only to 'telephone call' CSLI,..., and not to 'registration' CSLI. 'Telephone call' CSLI indicates the 'approximate physical location . . . of a cellular telephone only when a telephone call is made or received by that telephone.' ...By contrast, 'registration' CSLI 'provides the approximate physical location of a cellular telephone every seven seconds unless the telephone is 'powered off,' regardless of whether any telephone call is made to or from the telephone.'

Riley v. California, 573 US __ (June 25, 2014).
Warrantless search of cell phone incident to arrest is unconstitutional. "The police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested."

Other topics

Ajemian v. Yahoo!, 478 Mass. 169 (2017)
The "Stored Communications Act (SCA), 18 U.S.C. §§ 2701 et seq., does not prohibit... Yahoo from disclosing to the personal representatives of an estate the electronic mail (e-mail) messages in the decedent's account." 

Commonwealth v. Gelfgatt, 468 Mass. 512 (2014). 
Criminal defendant can be compelled to disclose the encryption key to computer files.

In re Doubleclick, Inc., 154 F.Supp.2d 497 (2001). 
In class action suit brought by Internet users, court decided, among other rulings, that Electronic Communications Privacy Act's protections did not extend to corporation's "cookies."

United States v. Councilman, 418 F.3d 67 (1st Cir., 2005). 
The Wiretap Act, 18 USC 2511, applies to electronic communications held in storage.


Electronic Privacy Information Center (EPIC)
1718 Connecticut Ave., NW, Suite 200
Washington, DC 20009
(202) 483-1140

A public interest research center in Washington DC, established in 1994. Its website includes resources and guides with bill tracking of federal legislation and The EPIC Alert, a newsletter concerning civil rights in the information age.

Federal Trade Commission's Privacy Initiative
600 Pennsylvania Avenue, NW
Washington, DC 20580
(202) 326-2222

The website offers copies of the FTC's Online Privacy Reports to Congress and information regarding identity theft.

Web sources

Complying with COPPA: Frequently Asked Questions: A guide for business and parents and small entity compliance guide, Federal Trade Commission, March 2015
Includes general information, parents' rights, schools, and more

OnGuard Online
Provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information

Privacy Rights Clearinghouse: Online privacy consumer guides. Includes:

  • Smartphone Privacy
  • Online Harassment & Cyberstalking
  • Online Privacy: Using the Internet Safely
  • Online Shopping Tips
  • Social Networking Privacy: How to be Safe, Secure and Social
  • Securing Your Computer to Maintain Your Privacy
  • Mobile Health and Fitness Apps: What Are the Privacy Risks?
  • Online Harassment & Cyberstalking
  • Anti-Spam Resources

Print sources

Computer Law: a guide to cyberlaw and data privacy, Matthew Bender, chapters 63, 64, 66.

Internet Law and Practice, Thomson/West, loose-leaf.

Internet Law and Regulation, Pike & Fischer, loose-leaf, see chapter entitled "Privacy"

Law of the Internet, by F. Lawrence Street, Lexis-Nexis, loose-leaf, Chapter 2



Within Massachusetts only

Within Massachusetts only


Reference librarians online Chat with a law librarian 
Reference librarians via email


Administrative office (no law library at this location)
2 Center Plaza
9th Floor
Boston, MA 02108
Last updated: July 5, 2018