Effective July 31, 2025

Minnesota Consumer Data Privacy Act (MNCDPA)

A practical compliance guide for website owners. Learn what Minnesota's privacy law requires and how to implement it on your site.

Who Must Comply

Conducts business in Minnesota or targets Minnesota residents AND controls/processes personal data of 100K+ consumers, OR controls/processes data of 25K+ consumers and derives 25%+ of gross revenue from selling personal data

Consent model: Opt-outSensitive data: Opt-in required

What Your Website Must Do

Requirement	Status
Cookie consent banner	Recommended
Do Not Sell link	Required
Do Not Share link	Required
Honor GPC browser signals	Recommended
Universal opt-out mechanism	Not required
Sensitive data opt-in consent	Required

Required Links & Notices

The MNCDPA requires the following links or notices to be visible on your website:

1Do Not Sell or Share My Personal Data
2Privacy Policy

Enforcement & Penalties

Enforcement Body

Minnesota Attorney General

Maximum Penalty

$7,500 per violation. 30-day cure period (sunset July 2026).

Key Things to Know

Minnesota's privacy law includes some consumer-friendly provisions that go beyond the Virginia model. It covers profiling protections, includes data "sharing" alongside "selling," and has a limited data minimization concept.

Profiling protections: Minnesota provides specific rights around profiling, including the right to opt out of profiling that produces legal or similarly significant effects. This mirrors some GDPR provisions.

Data sharing: Like California, Delaware, and Maryland, Minnesota covers "sharing" of personal data in addition to "selling," broadening the scope of opt-out requirements.

How to Configure LegalBanner for MNCDPA

1
Create your site
Sign up for free and add your website domain in the dashboard.
2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches Minnesota's requirements.
3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
4
Generate your Privacy Policy
Use the built-in policy wizard to generate a MNCDPA-compliant privacy policy.

Set up MNCDPA compliance in 5 minutes

LegalBanner handles Minnesota privacy requirements automatically — cookie banner, opt-out links, and GPC support included.

Start free trial See how it works

Frequently Asked Questions

When does the Minnesota MNCDPA take effect?

The MNCDPA takes effect July 31, 2025.

Does Minnesota cover data 'sharing'?

Yes. Minnesota covers both sale and sharing of personal data, providing broader consumer protections than states that only cover 'sale.'

What profiling protections does Minnesota provide?

Consumers can opt out of profiling that produces legal or similarly significant effects. Businesses must provide notice when engaging in such profiling and offer an opt-out mechanism.

Does Minnesota require honoring GPC signals?

The MNCDPA does not explicitly require GPC support, but implementing it is recommended best practice.

What are the penalties for MNCDPA violations?

Up to $7,500 per violation. The 30-day cure period sunsets in July 2026, after which the AG can take direct enforcement action.

Disclaimer: This page provides practical implementation guidance only. It does not constitute legal advice. The information is current as of the most recent review date but privacy laws change frequently. Consult a qualified attorney for legal advice specific to your situation. LegalBanner provides compliance tools, not legal counsel.