HF2700 (Legislative Session 94 (2025-2026))

Minnesota Consumer Data Privacy Act modified to make consumer health data a form of sensitive data, and additional protections added for sensitive data.

Related bill: SF2940

AI Generated Summary

Purpose of the Bill

The bill aims to modify the Minnesota Consumer Data Privacy Act to include consumer health data as a form of sensitive data, thereby adding extra protections for such data.

Main Provisions

  1. Definitions of Sensitive Data:

    • Health data is now classified as sensitive data, covering information about an individual's mental or physical health, health conditions, treatments, and biometric data.
    • Geolocation data related to health services or supplies is also considered health data.
  2. Consumer Consent Requirements:

    • Controllers (entities managing data) must obtain explicit consumer consent to process or share sensitive data, with consent forms needing specific disclosures and separate authorization for selling sensitive data.
    • Procedures for revoking consent must be clear and easy for consumers to navigate.
  3. Sale of Sensitive Data:

    • Selling sensitive data is prohibited without a clear, valid authorization from the consumer, which outlines exactly what data is being sold, to whom, and how it will be used.
    • Entities must keep a record of the authorization for six years.
  4. Geofence Restrictions:

    • It is illegal to use geofencing technology around health services to identify, track, or send health-related communications to consumers without consent.
  5. Data Protection and Privacy Policies:

    • Controllers must document privacy protections and conduct regular assessments of how personal data is handled, especially concerning targeted advertising and sensitive data.
    • The bill establishes the Attorney General's right to request these assessments as part of investigations.
  6. Enforcement and Penalties:

    • The Attorney General can issue warning letters for violations, followed by enforcement actions if not resolved within 30 days.
    • Violations can result in civil penalties up to $7,500 per infringement, but there is no private right of action established for consumers.

Significant Changes to Existing Law

  • The legislation integrates consumer health data into the scope of sensitive data, providing heightened protections compared to previous law.
  • It repeals certain sections of the existing law (Minnesota Statutes 2024 section 325M.17).

Relevant Terms

  • Consumer Data Privacy
  • Sensitive Data
  • Health Data
  • Biometric Data
  • Geofencing
  • Consumer Consent
  • Data Controller
  • Attorney General Enforcement

Actions

Date | Chamber | Where | Type | Name | Committee Name
March 24, 2025 | House | Floor | Action | Introduction and first reading, referred to | Judiciary Finance and Civil Law

Citations

 
  • Section 13.386, subdivision 1
    Summary: This bill references genetic information as defined in section 13.386 to underline the protection of genetic data.
    Added: Expands on the definition and protection of genetic data inclusively.

  • Section 325C.01, subdivision 5
    Summary: This legislation mentions the meaning of 'trade secret' as previously established.
    Modified: Reiterates existing interpretations and protections of trade secrets.

  • Section 13.32
    Summary: This bill applies additional privacy compliance elements for technology providers under section 13.32.
    Modified: Clarifies conflict resolution between sections 13.32 and new amendments.

  • Section 144.291, subdivision 2
    Summary: The bill uses 'health records' as defined in section 144.291 to ensure compliance with existing standards.
    Modified: Ensures continued alignment with Minnesota Health Records Act definitions.

  • Section 8.31
    Summary: References enforcement of provisions under section 8.31 for legal compliance and actions.
    Modified: Sets guidelines for legal actions and penalties.