The Minnesota Consumer Data Privacy Law (Part One): What Businesses Should Know featured image

The Minnesota Consumer Data Privacy Law (Part One): What Businesses Should Know

by John DiGiacomo

Partner

Internet Law

In May 2024, Minnesota was the 19th State to enact a consumer data privacy statute called the Minnesota Consumer Data Privacy Act (“MCDPA”). For most businesses, the MCDPA will become effective at the end of July 2025. The mandates and obligations imposed by the MCDPA on covered businesses are numerous. As such, we will split this article into two parts. In this Part One, the Consumer Data Protection Attorneys at Revision Legal discuss the portion of the MCDPA mandates related to consumers.

Like most of these State-level consumer data protection statutes, the focus is on data “controllers” and “processors” along with various “rights” given to consumers with respect to how their data is collected, processed, shared, and stored. The MCDPA applies in a manner that is similar to other statutes of this kind. That is, the Act applies to persons and entities that conduct business in Minnesota or that target Minnesota residents and that meet either of the following:

  • Controls or processes data of 100,000 Minnesota consumers (except where processing is only for completing a payment transaction and the consumer data is not retained) OR
  • Derives more than 25% of gross revenue from the sale of personal data AND processes or controls the personal data of at least 25,000 Minnesota consumers

As with all of these statutes, certain types of businesses, such as banks, many health-related entities, governments, etc., are excluded. The MCDPA also partially exempts small businesses (as such are defined by the U.S. Small Business Administration). However, these small businesses are not entirely exempt, so, for example, they must still obtain consumer consent before selling consumer “sensitive data.” Also notable is the lack of exemption for non-profit entities and the explicit inclusion of “technology providers” for colleges, universities, and other higher education entities. This is something new in the MCDPA and is only vaguely defined.

These statutes also typically exclude various categories of data from coverage, and the usual exclusions are found in the MCDPA. Like most of these Statutes, personal data collected from consumers is covered by the MCDPA but not if the consumer is acting in a commercial or employment capacity.

In terms of consumer-facing mandates, the MCDPA requires that controllers of data provide notices and disclosures to consumers, obtain consent from consumers for certain types of processing, and honor certain consumer rights granted by the Act. Some of these rights allow consumers to make requests for data controllers (such as a request to know what data has been collected about a consumer). The MCDPA mandates that businesses respond quickly to these requests (45 days) and to create and maintain a process for consumers to appeal the denial of any request.

The list of consumer rights included in the MCDPA is typical of these statutes. However, the MCDPA has added another set of consumer rights when profiling is used in automated decision-making. Examples might include a consumer request for credit or insurance. When this type of process is used, the MCDPA gives consumers several additional rights:

  • To request information about the decision-making process
  • To be informed why the automated decision-making process using profiling resulted in the decision that was made
  • To be informed of any actions or behaviors that the consumer might have taken or might take in the future to obtain a different result
  • To obtain a reevaluation of the decision if the consumer accesses and corrects incorrect data

This set of consumer rights and mandates on data controllers is not present in any similar statute. Businesses that use an automated decision-making process using profiling must provide a mechanism for a consumer to activate these rights.

In Part Two of this article, we will examine other compliance obligations imposed by the MCDPA.

Contact the Consumer Data Privacy and Compliance Attorneys at Revision Legal

For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side