Particle.news
Download on the App Store
3 ARTICLES
·
22h ago

Minnesota’s Consumer Data Privacy Act Takes Effect as Enforcement Begins

Attorney General Keith Ellison will launch compliance tests to measure businesses’ adherence to the new privacy requirements.

Image

Overview

  • Effective July 31, the law grants Minnesota residents Locked+ data rights to list, opt out, copy, know, edit, delete and challenge automated decisions.
  • It applies to businesses processing personal data of at least 100,000 Minnesota residents, those deriving over 25% of revenue from data sales serving 25,000 or more consumers, and certain education technology providers.
  • Controllers must publish clear privacy notices, maintain data inventories and risk assessments, uphold security practices and honor browser opt-out signals under a formal governance program.
  • Consumers have 45 days to receive a response to data requests before they can file complaints with the Minnesota Attorney General’s Office.
  • Businesses will face warning letters and a 30-day cure period through January 31, 2026, after which uncured violations may incur civil fines up to $7,500 per breach.