While several states including California and Colorado have passed laws to regulate the use of AI, the Trump Administration issued an Executive Order December 11, 2025 aiming to preempt efforts made by states to restrict the use of AI. In the meantime, the EU Artificial Intelligence Act passed in 2024 will see many of its provisions take effect in August 2026. While it is impossible for a business to become an expert in all the laws related to data privacy and security, it is our hope that this Guide will at least provide a basic understanding of the wide variety of laws and how those laws may impact your business. This Guide was prepared for Minnesota-based businesses. Data, however, crosses state and national borders, and thanks to the Internet, most businesses have now become global. It is no longer safe to just consider Minnesota and U.S. laws and federal regulations when it comes to data privacy and security. For this reason, we have included some basic information on data privacy laws outside of the United States. The USA had long been deemed a country without adequate data security safeguards by the EU governmental authorities. As a result, a business in the USA could not transfer personal data of a European resident to a server in the USA without a proper legal mechanism. In 2023 the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, allowing for the transfer of personal data to the USA. European and U.S. organizations now have a new framework for data transfers across the Atlantic. This relatively new Data Privacy Framework is discussed in the Guide. The Standard Contractual Clauses and Binding Corporate Rules which are also discussed in this Guide remain valid and appropriate legal mechanisms for data transfer.
ix
Made with FlippingBook - Online Brochure Maker