Concord Privacy News: 8/7/2025
Minnesota Data Privacy Law Takes Effect
Minnesota residents gained powerful new digital privacy rights as the Minnesota Consumer Data Privacy Act officially took effect on July 31, making it one of the strongest data protection laws in the United States.
What This Means for You
The comprehensive legislation puts Minnesotans in the driver's seat when it comes to their personal data—everything from basic contact information to detailed search histories and browsing patterns.
New rights under the law include:
- Know what's collected: Consumers can request a complete list of personal data any business has gathered about them
- Track data sales: Consumers can see exactly which third parties have purchased or received their information
- Correct inaccuracies: Consumers can edit or update incorrect information in company databases
- Delete data: Consumers can ask businesses to permanently remove their personal information
- Stop targeted ads: Consumers can opt out of having their data used for personalized advertising
- Protect your children: Businesses must obtain parental consent before selling data or targeting ads to anyone under 16
Fighting Back Against Data Profiling
One of the law's most innovative features addresses "data profiling"—when companies use personal information to make predictions about individual consumer behavior. Under the new protections, consumers can opt out of profiling that could impact major life decisions around housing, employment, and other significant opportunities.
"We cannot and should not just think that violations and invasions of our privacy are just the way it is in this modern time," Attorney General Keith Ellison emphasized at a recent press conference. "We have a right to our privacy, and we have to protect it."
Taking Aim at Data Brokers
The legislation specifically targets data brokers—companies that specialize in collecting, storing, and selling personal information. These often-invisible middlemen in the digital economy will now face strict oversight and accountability measures. Small businesses, however, are exempt from the new requirements.
How It Happened
The law represents years of persistent effort by Rep. Steve Elkins (DFL-Bloomington), who began crafting privacy legislation during his first year in office in 2019. The bill ultimately gained bipartisan support in committee before being signed into law in May 2024.
Minnesota became the 19th state to enact comprehensive data protection legislation, drawing inspiration from privacy laws already implemented across the country.
The new protections represent a significant shift toward putting consumers back in control of their digital footprint in an era of unprecedented data collection and use.
Other Privacy News of Note
GDPR’s 7th Anniversary: In the AI Age, Privacy Legislation is Still Relevant
It’s been slightly more than seven years since GDPR came into force - a key moment that reshaped how organisations approach data protection. We’ve seen UK businesses of all sizes refine their data strategies, audit their processes, and think more carefully about the impact of every bit and byte they collect. As we started to get more comfortable with the post-GDPR landscape, AI has now entered the frame. Read more.
More Than 90 State, Local Governments Targeted Using Microsoft SharePoint Vulnerability, Group Says
More than 90 state and local governments have been targeted using the recently revealed vulnerability in Microsoft server software, according to a U.S. group devoted to helping local authorities collaborate against hacking threats. The nonprofit Center for Internet Security, which houses an information-sharing group for state, local, tribal, and territorial government entities, provided no further details about the targets, but said it did not have evidence that the hackers had broken through. Read more.
