The proposed "Minnesota Consumer Data Privacy Act" aims to enhance consumer rights related to personal data and establish obligations for businesses that handle such data. The bill introduces new legal definitions for terms like "personal data," "sensitive data," "controller," and "processor," and outlines its application to entities conducting business in Minnesota that meet specific data processing thresholds. It also specifies exemptions for certain entities, such as government bodies and protected health information. The attorney general is empowered to enforce compliance with the new regulations, which include provisions for data privacy assessments and emphasize the necessity of consumer consent for data processing.

Key provisions of the bill include the establishment of distinct responsibilities for controllers and processors, consumer rights to access, correct, delete, and obtain personal data in a portable format, and the requirement for controllers to respond to consumer requests within 45 days. The bill mandates transparency obligations, including clear privacy notices and the need for consent before processing sensitive data. It also addresses small businesses, requiring prior consent before selling sensitive data. The legislation outlines penalties for violations, including civil penalties of up to $7,500 per violation, and clarifies that its provisions preempt local laws and do not allow for private rights of action. The act is set to take effect on July 31, 2025, with an extended compliance deadline for certain entities.