The proposed "Minnesota Consumer Data Privacy Act" aims to enhance consumer rights related to personal data and establish obligations for businesses that manage such data. It introduces new definitions for key terms like "personal data," "sensitive data," "controller," and "processor," while outlining the scope of the law to include businesses that handle significant amounts of consumer data, with certain exclusions for government entities and federally recognized tribes. The bill mandates that the Attorney General oversee enforcement, ensuring compliance through data privacy assessments and emphasizing the necessity of consumer consent for data processing.
The legislation delineates specific consumer rights, including access, correction, deletion, and portability of personal data, while also allowing consumers to opt out of targeted advertising and challenge profiling decisions. It requires controllers to respond to consumer requests within 45 days and provides for free information up to twice a year. Additionally, the bill mandates transparency obligations for controllers, including clear privacy notices and limitations on data collection. It establishes penalties for violations and preempts local laws on data processing, with the act set to take effect on July 31, 2025, and extended compliance deadlines for certain educational institutions and nonprofit organizations until July 31, 2029.