Purpose of the Bill

The bill aims to enhance consumer protection laws in Minnesota by updating the Minnesota Consumer Data Privacy Act. It focuses on expanding the definition of sensitive data to include consumer health data, implementing additional protections for this category, and establishing clear guidelines for processing and selling consumers' sensitive information.

Main Provisions

• Definitions Update: The bill expands definitions related to consumer data, specifying what constitutes sensitive data, biometric data, and health data. It provides detailed descriptions to ensure clarity in what is covered under these terms.
• Sensitive Data Protections: Sensitive data, including consumer health data, is given special protection. Controllers are required to obtain explicit consent from consumers before processing or sharing sensitive data.
• Consent Requirements: Stronger requirements for consent are established, emphasizing that consent must be freely given, specific, informed, and unambiguous. Any consent gathered under misleading interfaces (dark patterns) is deemed invalid.
• Data Sale and Sharing: Selling or offering to sell sensitive data without prior authorization from the consumer is prohibited. The bill includes detailed conditions for valid authorization.
• Geofencing Restrictions: The use of technology to track or target consumers based on their location is restricted around locations providing in-person healthcare services.
• Data Privacy Assessments: The bill mandates that businesses conduct and document data privacy and protection assessments for certain data processing activities, especially those involving sensitive data or presenting high risks to consumers.

Significant Changes to Existing Law

• Inclusion of Health Data as Sensitive Data: Consumer health data is officially categorized as sensitive, bringing it under stricter regulatory provisions.
• Expanded Scope for Business Compliance: Legal entities must adhere to updated requirements if engaging in the processing of sensitive data in Minnesota. They must also ensure compliance when targeting Minnesota residents with their products or services.
• Attorney General Enforcement: The bill grants enforcement power to the Minnesota Attorney General, with the ability to issue warning letters and pursue civil actions against violators. It clarifies that no private right of action is established by these changes.

Relevant Terms

consumer protection, sensitive data, consumer health data, consent, biometric data, data privacy assessments, geofencing, dark patterns, attorney general enforcement, Consumer Data Privacy Act.