Particle.news
Download on the App Store
3 ARTICLES
·
3w ago

Minnesota’s Consumer Data Privacy Act Takes Effect as Enforcement Begins

Attorney General Keith Ellison will launch compliance tests to measure businesses’ adherence to the new privacy requirements.

Image

Overview

  • Effective July 31, the law grants Minnesota residents Locked+ data rights to list, opt out, copy, know, edit, delete and challenge automated decisions.
  • It applies to businesses processing personal data of at least 100,000 Minnesota residents, those deriving over 25% of revenue from data sales serving 25,000 or more consumers, and certain education technology providers.
  • Controllers must publish clear privacy notices, maintain data inventories and risk assessments, uphold security practices and honor browser opt-out signals under a formal governance program.
  • Consumers have 45 days to receive a response to data requests before they can file complaints with the Minnesota Attorney General’s Office.
  • Businesses will face warning letters and a 30-day cure period through January 31, 2026, after which uncured violations may incur civil fines up to $7,500 per breach.