United States of America: Bill amending Consumer Data Privacy Act including protection of health data as sensitive data (Bill No. HF 2700) was introduced to Minnesota House of Representatives

On 24 March 2025, the Bill amending Consumer Data Privacy Act, including protection of sensitive data, was introduced to the Minnesota House of Representatives. The bill modifies the Minnesota Consumer Data Privacy Act to classify consumer health data as sensitive data and introduce additional protections for such data. The Bill applies to entities conducting business in the state or targeting Minnesota residents that process or control the personal data of at least 100,000 consumers annually (excluding payment-only data), or derive 25% of gross revenue from selling personal data while processing at least 25,000 consumers' data. The Bill introduces several obligations, including the requirement for valid, standalone consumer authorisation before selling sensitive data, and documented privacy policies and data privacy and protection assessments for high-risk activities, including profiling and targeted advertising. The Bill excludes certain sectors and data types, including government entities, small businesses, and health data governed by federal laws.