MCPA Definitions Personal data is defined as “any information that is linked or reasonably linkable to an identified or identifiable natural person.” Personal data does not include deidentified data or publicly available information. “Publicly available information” means information that (1) is lawfully made available from federal, state, or local government records or widely distributed media, or (2) a controller has a reasonable basis to believe has lawfully been made available to the general public. The MCPA uses the term “controller” which is like the definition that appears in the General Data Protection Regulation (GDPR) and other data privacy laws. Controller means the “natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.” The MCPA defines “consumer” as a natural person who is a Minnesota resident acting only in an individual or household context. Consumer does not include a natural person acting in a commercial or employment context. This means that the MCPA does not apply to personal data relating to job applicants, employees, and individuals acting in their capacity as business representatives. For the purposes of the MCPA a “sale” includes an exchange of personal data for monetary consideration or “any other valuable consideration.” The MCPA specifically applies to “technology providers” that contract with public education agencies and institutions pursuant to Minnesota Statute § 13.32. MCPA Exemptions The MCPA includes exemptions for certain types of businesses and data. Governmental entities, federally recognized Indian tribes, “small business{es}” as defined by the U.S. Small Business Administration regulations, air carriers under the Airline Deregulation Act, and certain kinds of banks, credit unions and insurance companies are exempt.
81
Made with FlippingBook - Online Brochure Maker