Minnesota AG Intensifies Data Privacy Enforcement as Cure Period Ends
The Minnesota Attorney General can now enforce the Consumer Data Privacy Act without a 30-day warning.
Why it matters: Counsel and compliance leaders must address accelerating enforcement risks under Minnesota's new privacy regime. Noncompliant companies now face immediate penalties, making proactive policy reviews essential.
- As of Feb. 1, 2026, the AG can act immediately against MCDPA violations—no 30-day notice needed.
- The MCDPA provides for civil penalties up to $7,500 per violation, with injunctive relief at the AG's discretion.
- Over 200 consumer complaints were filed within the law’s first six months.
- Minnesota joins 18 other states with comprehensive consumer privacy laws in effect as of January 2026.
The Minnesota Consumer Data Privacy Act (MCDPA) reached full effect on July 31, 2025, granting Minnesota residents sweeping rights over their personal data—including access, correction, deletion, and the right to opt out of targeted advertising.
- As of February 1, 2026, the Attorney General’s Office can enforce these rights immediately, without the previous 30-day cure period, placing businesses at increased enforcement risk.
- The MCDPA empowers the Attorney General to seek civil penalties reaching $7,500 per violation, and to pursue injunctive relief to halt noncompliant practices.
The regulatory uptick is clear: in the law’s first six months, more than 200 consumer complaints were logged—many involving alleged failures by businesses to honor new data rights. The Attorney General’s Office responded with dozens of warning letters addressing deficiencies in privacy policies, consent procedures, and the handling of opt-out signals.
Minnesota now stands among 19 U.S. states with comprehensive privacy laws. This trend mirrors growing national scrutiny of corporate data practices.
Attorney General Keith Ellison noted, “My office has been hard at work enforcing the Consumer Data Privacy Act, I encourage people across our state to make use of this powerful new law to protect their data and minimize their digital footprint.”
With new reporting tools and a recent consumer alert on digital privacy threats from federal surveillance, Minnesota is amplifying opportunities for residents to report privacy violations and assert their rights.
- The AG’s Office will discuss these developments during an upcoming webinar on April 20, 2026.
By the numbers:
- $7,500 — Maximum civil penalty per violation under the MCDPA
- 200+ — Consumer complaints filed with the AG’s Office in six months
- 19 — U.S. states with comprehensive consumer privacy laws as of January 2026
Yes, but: Details on the number and outcomes of formal enforcement actions since the cure period ended are not yet public.
What's next: The Minnesota AG’s Office will host a public webinar on April 20, 2026, to discuss enforcement and compliance trends.