Minnesota Consumer Data Privacy Act (“MCDPA”)
Information for Businesses •
Controller Responsibilities •
Processor Responsibilities •
Exemptions •
Criteria
Privacy Notice
The privacy notice controllers must provide to consumers must include:
- The categories of personal data processed by the controller;
- The purposes for which the categories of personal data are processed;
- An explanation of the rights provided to the consumer by the Act, specifically those rights found in section 325M.14;
- An explanation of how and where consumers may exercise the rights found in section 325M.14, and how and where consumers may appeal;
- The categories of personal data the controller sells to or shares with third parties;
- The categories of third parties with whom the controller sells or shares personal data;
- The controller’s contact information, including an active email address or other online mechanism that the consumer may use to contact the controller;
- A description of the controller’s retention policies for personal data; and
- The date on which the privacy notice was last updated.
If the controller sells personal data to third parties, processes personal data for targeted advertising, or engages in profiling in furtherance of decisions that produce legal effects concerning a consumer or similarly significant effects concerning a consumer, the controller must disclose the processing in the privacy notice and provide access to a clear and conspicuous method outside of the privacy notice for a consumer to opt out. The Act’s text suggests, but does not require, a hyperlink clearly labeled with something like “Your Privacy Rights,” which would take the clicking consumer to a website where the consumer may make a request to the controller under the Act.
Disclaimer: The Attorney General’s Office (“AGO”) is providing this page as a rough guide to explore rights and obligations pursuant to the Act. In many instances, this website simplifies or rewords the provisions of the Act for comprehension and readability. The website is not intended to provide guidance as to how the AGO would enforce the Act. It is not the AGO’s intention to provide any information on this website that would conflict with the Act. The AGO offers this website as a tool for exploring the Act, but nothing on this site should be construed as legal advice for interpreting the Act or how the Act might be enforced.
