The proposed Minnesota Age-Appropriate Design Code Act aims to enhance the protection of children's personal data in online services by imposing strict obligations on businesses that cater to this demographic. Key requirements include conducting data protection impact assessments prior to launching new offerings, biennially reviewing these assessments, and ensuring privacy settings are configured to safeguard children's data. The bill also mandates that businesses provide clear privacy information and implement mechanisms for children and their guardians to exercise their privacy rights. Specific definitions related to consumer data, such as "child," "personal data," and "dark pattern," are established, along with thresholds for business compliance based on revenue and data handling practices.

Enforcement of the regulations will be overseen by the attorney general, who is authorized to impose civil penalties for violations, ranging from $2,500 for negligent breaches to $7,500 for intentional violations per affected child. The attorney general must provide written notice of any violations, allowing businesses a 90-day period to address issues before penalties are enforced. The act is scheduled to take effect on July 1, 2024, with a requirement for businesses to complete data protection impact assessments for existing services by July 1, 2025, unless exempt.