Privacy Laws Minnesota

Minnesota Consumer Data Privacy Act

MNCDPA

Includes unique profiling protections and broad sensitive data definition. First state to include data inventorying requirements.

Effective Date

2025-07-31

Enforcement

Attorney General

Consumer Threshold

100,000 consumers

Revenue Threshold

No threshold

Key Requirements

Privacy notice

Right to access, correct, delete personal data

Right to data portability

Right to opt-out of sale, targeted advertising, profiling

Right to question profiling results

Data protection assessments

Consent for sensitive data

Data inventory requirements

Universal opt-out recognition

Up to $7,500 per violation.

30-day cure period

Data inventorying requirement is unique. Must be able to explain profiling decisions.