HF4661

Automated license plate reader provisions updated to address the role of third-party service providers.
Legislative Session 94 (2025-2026)

Related bill: SF4850

AI Generated Summary

Purpose

Clarify and strengthen how Automated License Plate Readers (ALPRs) are used by law enforcement in Minnesota, especially regarding data sharing with third-party service providers. The bill aims to improve transparency, accountability, and privacy protections by adding clearer definitions, auditing requirements, access controls, and oversight.

Key Definitions

Automated license plate reader (ALPR): A device (mounted on a patrol vehicle or placed in a stationary spot) that records data or photographs of vehicles/plates to compare with law enforcement databases for investigations. Includes devices owned or operated by non-government entities if the data are shared with a law enforcement agency. Excludes traffic safety camera systems.
Share / Sharing access or accessing: Any action by which ALPR data are made available to or queryable by another person or entity, including through third-party platforms, databases, or multiagency/nationwide search capabilities.
Third-party service provider: An outside entity that a law enforcement agency contracts with or uses to collect, create, receive, maintain, or disseminate the agency’s ALPR data on the agency’s behalf.
Traffic safety camera system: A system defined separately in statute (not considered an ALPR under this section).

Main Provisions

Definitions and scope (Sec. 1)
- Updates define ALPR, sharing, and third-party service providers to cover data sharing with non-government partners when used by law enforcement.
- Makes clear that traffic safety camera systems are distinct from ALPRs.
Auditing and oversight (Sec. 2)
- Biennial independent audits: LEAs must conduct independent audits every two years to verify data classification, data use, destruction per requirements, and overall compliance with ALPR data laws.
- Access for audits: Auditors must have full access to all records, logs, audit trails, query histories, and systems containing ALPR data, including those maintained by third-party providers.
- Consequences for noncompliance: If serious or ongoing noncompliance is found, the commissioner of administration may order additional audits or remedial actions; data may be suspended if a pattern of noncompliance is identified until authorized to reinstate.
- Public results: Audit results are public. A summary report is due to appropriate legislative bodies within 30 days after each audit, and the commissioner reviews the results.
Access controls and data handling (Sec. 3)
- Authorization to access: LEA personnel must obtain written authorization from the chief of police, sheriff, or head of the agency (or designee) to access ALPR data for a legitimate, specified, documented law enforcement purpose.
- Suspect-based access: Access must be based on reasonable suspicion that data relate to an active criminal investigation, with a documented factual basis and case/incident reference.
- Role-based access and audit trails: Access rights must be limited to role-based levels, aligned with duties and training, and all queries/actions must be recorded in a data audit trail. Audit trails are public to the extent allowed by law.
- External access and third parties: Access by anyone outside the agency (including third-party providers) must be authorized in writing by the agency head or designee. The agency remains responsible for ensuring full compliance, even when a third-party provider is involved.

Significant Changes to Existing Law

Introduces explicit requirements for independent biennial audits of ALPR data practices, including access to data held by third-party providers.
Requires public reporting of audit results to legislative committees and relevant data/privacy bodies.
Tightens control over access to ALPR data with written authorizations, documented reasonable-suspicion basis, and role-based access limitations.
Establishes data audit trails for all ALPR data queries/updates/accesses/disseminations, with public-facing aspects where permissible.
Allows suspension of ALPR operations if there is a pattern of substantial noncompliance, until authorized to resume.
Expands definitions to include sharing and third-party providers, clarifying that ALPR data can be shared with non-government entities when necessary for enforcement.

Oversight and Accountability

The commissioner of administration has oversight authority to order additional audits or remedial actions if needed.
Public audit results increase transparency about how ALPR data are used and destroyed.
The bill places responsibilities on the LEA leadership to ensure compliance, including with third-party providers.

Overall Impact

Strengthens privacy protections and accountability for ALPR data.
Increases transparency through public audits and reporting.
Tightens control over who can access ALPR data and under what circumstances.
Enhances coordination with third-party service providers while maintaining agency responsibility for compliance.

Relevant Terms - ALPR (Automated license plate reader) - Automated license plate reader data - Third-party service provider - Share / sharing access - Traffic safety camera system - Data practices - Biennial independent audit - Data classification - Data audit trail - Access authorization - Written authorization - Reasonable suspicion - Active criminal investigation - Role-based access - Data dissemination - Audit logs - Commissioner of administration - Public audit results

Bill text versions

Introduction PDF PDF file

Actions

Date	Chamber	Where	Type	Name	Committee Name
March 25, 2026	House		Action	Introduction and first reading, referred to	Judiciary Finance and Civil Law

Citations

[
  {
    "analysis": {
      "added": [
        "Definitions for Automated license plate reader, Share (sharing access or accessing means), Thirdparty service provider, and Traffic safety camera system."
      ],
      "removed": [
        "No explicit removals identified in this subdivision from the provided text."
      ],
      "summary": "This bill amends Minnesota Statutes 2024 section 13.824, subdivision 1 to redefine automated license plate reader terms and related concepts, including data sharing with third-party service providers.",
      "modified": [
        "Subdivision 1 is amended to broaden/clarify definitions to include third-party data sharing and related concepts."
      ]
    },
    "citation": "13.824",
    "subdivision": "subdivision 1"
  },
  {
    "analysis": {
      "added": [
        "Requirement for an independent biennial audit of LPR records, including data classification, data usage, and destruction compliance; auditor access to records, logs, and systems including those maintained via third-party providers.",
        "Public availability of audit results; potential for administration-ordered additional audits if noncompliance is detected."
      ],
      "removed": [
        "No explicit removals identified."
      ],
      "summary": "This bill adds and details a biennial audit requirement for automated license plate reader (LPR) data records and access for independent auditors, including those engaged via third-party service providers.",
      "modified": [
        "Expanded audit framework and transparency requirements for LPR data."
      ]
    },
    "citation": "13.824",
    "subdivision": "subdivision 6"
  },
  {
    "analysis": {
      "added": [
        "Written authorization required for access to LPR data by agency personnel; access restricted to legitimate purposes.",
        "Role-based access controls tied to official duties; comprehensive data audit trails for queries and actions.",
        "Explicit requirements governing access or queries by persons outside the agency, including third-party service providers."
      ],
      "removed": [
        "No explicit removals identified."
      ],
      "summary": "This bill enhances authorization and controls around access to automated license plate reader data, including requirements for written authorization, role-based access, and data audit trails; clarifies handling of third-party provider access.",
      "modified": [
        "Strengthened access controls and auditing obligations; agency remains responsible for compliance even when using third-party providers."
      ]
    },
    "citation": "13.824",
    "subdivision": "subdivision 7"
  },
  {
    "analysis": {
      "added": [],
      "removed": [],
      "summary": "The bill references the meaning of 'traffic safety camera system' as defined in Minnesota Statutes section 169.011, subdivision 85a; this is a cross-reference rather than a substantive change to 169.011.",
      "modified": [
        "Cross-references 169.011 subdivision 85a to define traffic safety camera system within the automated license plate reader framework; no direct modification of 169.011."
      ]
    },
    "citation": "169.011",
    "subdivision": "subdivision 85a"
  },
  {
    "analysis": {
      "added": [],
      "removed": [],
      "summary": "The bill requires compliance with Minnesota Statutes 13.05, subdivision 5 in the operation of automated license plate readers.",
      "modified": [
        "Reinforces requirement to operate LPRs in accordance with 13.05 subdivision 5."
      ]
    },
    "citation": "13.05",
    "subdivision": "subdivision 5"
  },
  {
    "analysis": {
      "added": [],
      "removed": [],
      "summary": "The bill requires compliance with Minnesota Statutes 13.055 in the operation of automated license plate readers.",
      "modified": [
        "Reinforces requirement to operate LPRs in accordance with 13.055."
      ]
    },
    "citation": "13.055",
    "subdivision": ""
  }
]

Progress through the legislative process

17%

In Committee