Minnesota Consumer Privacy Act (MCPA) Cheat Guide

Table of Contents

More data privacy laws are coming in state by state while we wait for the potential Federal ADPA to be passed. Below is a cheat guide with bullet points to help explain the provisions and obligations for the Minnesota Consumer Privacy Act which will go into effect on July 31st of next year.


  • Approval and Effective Date: The Minnesota Consumer Privacy Act (MCPA) was approved and will take effect on July 31, 2025.
  • Purpose: The MCPA aims to regulate the processing of personal data and establish consumer data rights, following the trend set by other US privacy legislations.

Key Provisions:

  • Consumer Rights:
    • Right to Access: Consumers can request access to their personal data held by businesses.
    • Right to Rectification: Consumers have the right to correct inaccurate personal data.
    • Right to Erasure: Consumers can request the deletion of their personal data.
    • Right to Data Portability: Consumers can request their personal data in a portable and readily usable format.
    • Right to Opt-Out: Consumers have the right to opt-out of the sale of their personal data and targeted advertising.
    • Right to Contest Profiling Decisions: Unique to the MCPA, consumers can contest automated decisions made through profiling that significantly affect them.
  • Obligations for Businesses:
    • Transparency: Businesses must provide clear and concise information about their data processing activities.
    • Data Minimization: Personal data collected should be limited to what is necessary for the purposes for which it is processed.
    • Security Measures: Businesses are required to implement appropriate technical and organizational measures to secure personal data.
    • Accountability: Businesses must be able to demonstrate compliance with the MCPA through documentation and regular assessments.

Enforcement and Penalties:

  • Regulatory Authority: The Minnesota Attorney General’s Office is responsible for enforcing the MCPA.
  • Penalties: Non-compliance can result in significant fines and legal action. The act provides for both civil penalties and remedies for affected consumers.

Comparative Context:

  • Alignment with Other US Privacy Laws: Similar to the California Consumer Privacy Act (CCPA), CPRA, and the Virginia Consumer Data Protection Act (VCDPA), the MCPA regulates personal data processing and establishes consumer data rights.
  • Unique Provisions: The MCPA introduces the right to contest profiling decisions, which is not commonly found in other US state privacy laws, marking a distinctive approach in addressing consumer concerns about automated decision-making.

Implications for Businesses:

  • Compliance Requirements: Businesses operating in Minnesota or processing the personal data of Minnesota residents need to review and update their data privacy policies and practices to ensure compliance by the effective date.
  • Consumer Interaction: Enhanced consumer rights under the MCPA will require businesses to implement mechanisms for handling consumer requests and complaints effectively.

Future Outlook:

  • Influence on Federal Legislation: The MCPA may influence future federal privacy legislation by setting precedents for consumer rights and business obligations.
  • Evolution of Privacy Norms: As states continue to enact privacy laws, the MCPA contributes to the evolving landscape of data privacy norms in the United States, potentially leading to a more harmonized approach to consumer data protection nationwide.

Online Privacy Compliance Made Easy

Captain Compliance makes it easy to develop, oversee, and expand your privacy program. Book a demo or start a free 30-day trial now.