Minnesota Office of the Revisor of Statutes
[*Add Subtitle/link: Office]

Menu

Revisor of Statutes Menu

Minnesota Session Laws

Key: (1) language to be deleted (2) new language

                            CHAPTER 395-S.F.No. 2908 
                  An act relating to data privacy; regulating electronic 
                  mail solicitations; protecting privacy of Internet 
                  consumers; regulating use of data about Internet 
                  users; providing penalties; amending Minnesota 
                  Statutes 2000, section 626A.28, subdivision 3; 
                  proposing coding for new law in Minnesota Statutes, 
                  chapter 325F; proposing coding for new law as 
                  Minnesota Statutes, chapter 325M. 
        BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA: 

                                   ARTICLE 1
                                INTERNET PRIVACY
           Section 1.  [325M.01] [DEFINITIONS.] 
           Subdivision 1.  [SCOPE.] The terms used in this chapter 
        have the meanings given them in this section. 
           Subd. 2.  [CONSUMER.] "Consumer" means a person who agrees 
        to pay a fee to an Internet service provider for access to the 
        Internet for personal, family, or household purposes, and who 
        does not resell access. 
           Subd. 3.  [INTERNET SERVICE PROVIDER.] "Internet service 
        provider" means a business or person who provides consumers 
        authenticated access to, or presence on, the Internet by means 
        of a switched or dedicated telecommunications channel upon which 
        the provider provides transit routing of Internet Protocol (IP) 
        packets for and on behalf of the consumer.  Internet service 
        provider does not include the offering, on a common carrier 
        basis, of telecommunications facilities or of telecommunications 
        by means of these facilities. 
           Subd. 4.  [ORDINARY COURSE OF BUSINESS.] "Ordinary course 
        of business" means debt-collection activities, order 
        fulfillment, request processing, or the transfer of ownership. 
           Subd. 5.  [PERSONALLY IDENTIFIABLE 
        INFORMATION.] "Personally identifiable information" means 
        information that identifies: 
           (1) a consumer by physical or electronic address or 
        telephone number; 
           (2) a consumer as having requested or obtained specific 
        materials or services from an Internet service provider; 
           (3) Internet or online sites visited by a consumer; or 
           (4) any of the contents of a consumer's data-storage 
        devices. 
           Sec. 2.  [325M.02] [WHEN DISCLOSURE OF PERSONAL INFORMATION 
        PROHIBITED.] 
           Except as provided in sections 325M.03 and 325M.04, an 
        Internet service provider may not knowingly disclose personally 
        identifiable information concerning a consumer of the Internet 
        service provider. 
           Sec. 3.  [325M.03] [WHEN DISCLOSURE OF PERSONAL INFORMATION 
        REQUIRED.] 
           An Internet service provider shall disclose personally 
        identifiable information concerning a consumer: 
           (1) pursuant to a grand jury subpoena; 
           (2) to an investigative or law enforcement officer as 
        defined in section 626A.01, subdivision 7, while acting as 
        authorized by law; 
           (3) pursuant to a court order in a civil proceeding upon a 
        showing of compelling need for the information that cannot be 
        accommodated by other means; 
           (4) to a court in a civil action for conversion commenced 
        by the Internet service provider or in a civil action to enforce 
        collection of unpaid subscription fees or purchase amounts, and 
        then only to the extent necessary to establish the fact of the 
        subscription delinquency or purchase agreement, and with 
        appropriate safeguards against unauthorized disclosure; 
           (5) to the consumer who is the subject of the information, 
        upon written or electronic request and upon payment of a fee not 
        to exceed the actual cost of retrieving the information; 
           (6) pursuant to subpoena, including an administrative 
        subpoena, issued under authority of a law of this state or 
        another state or the United States; or 
           (7) pursuant to a warrant or court order. 
           Sec. 4.  [325M.04] [WHEN DISCLOSURE OF PERSONAL INFORMATION 
        PERMITTED; AUTHORIZATION.] 
           Subdivision 1.  [CONDITIONS OF DISCLOSURE.] An Internet 
        service provider may disclose personally identifiable 
        information concerning a consumer to: 
           (1) any person if the disclosure is incident to the 
        ordinary course of business of the Internet service provider; 
           (2) another Internet service provider for purposes of 
        reporting or preventing violations of the published acceptable 
        use policy or customer service agreement of the Internet service 
        provider; except that the recipient may further disclose the 
        personally identifiable information only as provided by this 
        chapter; 
           (3) any person with the authorization of the consumer; or 
           (4) as provided by section 626A.27. 
           Subd. 2.  [AUTHORIZATION.] The Internet service provider 
        may obtain the consumer's authorization of the disclosure of 
        personally identifiable information in writing or by electronic 
        means.  The request for authorization must reasonably describe 
        the types of persons to whom personally identifiable information 
        may be disclosed and the anticipated uses of the information.  
        In order for an authorization to be effective, a contract 
        between an Internet service provider and the consumer must state 
        either that the authorization will be obtained by an affirmative 
        act of the consumer or that failure of the consumer to object 
        after the request has been made constitutes authorization of 
        disclosure.  The provision in the contract must be conspicuous.  
        Authorization may be obtained in a manner consistent with 
        self-regulating guidelines issued by representatives of the 
        Internet service provider or online industries, or in any other 
        manner reasonably designed to comply with this subdivision. 
           Sec. 5.  [325M.05] [SECURITY OF INFORMATION.] 
           The Internet service provider shall take reasonable steps 
        to maintain the security and privacy of a consumer's personally 
        identifiable information.  The Internet service provider is not 
        liable for actions that would constitute a violation of section 
        609.88, 609.89, or 609.891, if the Internet service provider 
        does not participate in, authorize, or approve the actions. 
           Sec. 6.  [325M.06] [EXCLUSION FROM EVIDENCE.] 
           Except for purposes of establishing a violation of this 
        chapter, personally identifiable information obtained in any 
        manner other than as provided in this chapter may not be 
        received in evidence in a civil action. 
           Sec. 7.  [325M.07] [ENFORCEMENT; CIVIL LIABILITY; DEFENSE.] 
           A consumer who prevails or substantially prevails in an 
        action brought under this chapter is entitled to the greater of 
        $500 or actual damages.  Costs, disbursements, and reasonable 
        attorney fees may be awarded to a party awarded damages for a 
        violation of this section.  No class action shall be brought 
        under this chapter.  
           In an action under this chapter, it is a defense that the 
        defendant has established and implemented reasonable practices 
        and procedures to prevent violations of this chapter. 
           Sec. 8.  [325M.08] [OTHER LAW.] 
           This chapter does not limit any greater protection of the 
        privacy of information under other law, except that: 
           (1) nothing in this chapter limits the authority under 
        other state or federal law of law enforcement or prosecuting 
        authorities to obtain information; and 
           (2) if federal law is enacted that regulates the release of 
        personally identifiable information by Internet service 
        providers but does not preempt state law on the subject, the 
        federal law supersedes any conflicting provisions of this 
        chapter.  
           Sec. 9.  [325M.09] [APPLICATION.] 
           This chapter applies to Internet service providers in the 
        provision of services to consumers in this state. 
           Sec. 10.  Minnesota Statutes 2000, section 626A.28, 
        subdivision 3, is amended to read: 
           Subd. 3.  [RECORDS CONCERNING ELECTRONIC COMMUNICATION 
        SERVICE OR REMOTE COMPUTING SERVICE.] (a)(1) Except as provided 
        in clause (2) or chapter 325M, a provider of electronic 
        communication service or remote computing service may disclose a 
        record or other information pertaining to a subscriber to or 
        customer of the service, not including the contents of 
        communications covered by subdivision 1 or 2, to any person 
        other than a governmental entity. 
           (2) A provider of electronic communication service or 
        remote computing service may disclose a record or other 
        information pertaining to a subscriber to or customer of the 
        service, not including the contents of communications covered by 
        subdivision 1 or 2, to a governmental entity only when the 
        governmental entity: 
           (i) uses an administrative subpoena authorized by statute, 
        or a grand jury subpoena; 
           (ii) obtains a warrant; 
           (iii) obtains a court order for such disclosure under 
        subdivision 4; or 
           (iv) has the consent of the subscriber or customer to the 
        disclosure. 
           (b) A governmental entity receiving records or information 
        under this subdivision is not required to provide notice to a 
        subscriber or customer. 
           Sec. 11.  [EFFECTIVE DATE; EXPIRATION.] 
           Article 1 is effective March 1, 2003.  
           Article 1 expires on the effective date of federal 
        legislation that preempts state regulation of the release of 
        personally identifiable information by Internet service 
        providers. 

                                   ARTICLE 2
                    COMMERCIAL ELECTRONIC MAIL SOLICITATION
           Section 1.  [325F.694] [FALSE OR MISLEADING COMMERCIAL 
        ELECTRONIC MAIL MESSAGES.] 
           Subdivision 1.  [DEFINITIONS.] (a) The terms used in this 
        section have the meanings given them in this subdivision. 
           (b) "Commercial electronic mail message" means an 
        electronic mail message sent through an Internet service 
        provider's facilities located in this state to a resident of 
        this state for promoting real property, goods, or services for 
        sale or lease. 
           (c) "Electronic mail address" means a destination, commonly 
        expressed as a string of characters, to which electronic mail 
        may be sent or delivered. 
           (d) "Electronic mail service provider" means a business, 
        nonprofit organization, educational institution, library, or 
        government entity that provides a set of users the ability to 
        send or receive electronic mail messages via the Internet. 
           (e) "Initiate the transmission" refers to the action by the 
        original sender of an electronic mail message, not to the action 
        by an intervening Internet service provider or electronic mail 
        service provider that may handle or retransmit the message. 
           (f) "Internet service provider" means a business or person 
        who provides users authenticated access to, or presence on, the 
        Internet by means of a switched or dedicated telecommunications 
        channel upon which the provider provides transit routing of 
        Internet Protocol (IP) packets for and on behalf of the user. 
           (g) "Internet domain name" refers to a globally unique, 
        hierarchical reference to an Internet host or service, assigned 
        through centralized Internet naming authorities, comprising a 
        series of character strings separated by periods, with the 
        rightmost string specifying the top of the hierarchy. 
           Subd. 2.  [FALSE OR MISLEADING MESSAGES PROHIBITED.] No 
        person may initiate the transmission of a commercial electronic 
        mail message that: 
           (1) uses a third party's Internet domain name without 
        permission of the third party, or otherwise misrepresents any 
        information in identifying the point of origin or the 
        transmission path of a commercial electronic mail message; or 
           (2) contains false or misleading information in the subject 
        line. 
           Subd. 3.  [SUBJECT DISCLOSURE.] The subject line of a 
        commercial electronic mail message must include "ADV" as the 
        first characters.  If the message contains information that 
        consists of material of a sexual nature that may only be viewed 
        by an individual 18 years of age and older, the subject line of 
        the message must include "ADV-ADULT" as the first characters.  
           For purposes of this subdivision, "commercial electronic 
        mail message" does not include a message: 
           (1) if the recipient has consented to receive or has 
        solicited electronic mail messages from the initiator; 
           (2) from an organization using electronic mail to 
        communicate exclusively with its members; 
           (3) from an entity which uses electronic mail to 
        communicate exclusively with its employees or contractors; or 
           (4) if there is a business or personal relationship between 
        the initiator and the recipient. 
           For purposes of this subdivision, "business relationship" 
        means a prior or existing relationship formed between the 
        initiator and the recipient, with or without an exchange of 
        consideration, on the basis of an inquiry, application, 
        purchase, or use by the recipient of or regarding products, 
        information, or services offered by the initiator or an 
        affiliate or agent of the initiator.  For purposes of this 
        paragraph, "affiliate" means a person that directly or 
        indirectly controls, is controlled by, or is under common 
        control with a specified person. 
           Subd. 4.  [TOLL-FREE NUMBER.] (a) A sender initiating the 
        transmission of a commercial electronic mail message must 
        establish a toll-free telephone number, a valid sender-operated 
        return electronic mail address, or another easy-to-use 
        electronic method that the recipient of the commercial 
        electronic mail message may call or access by electronic mail or 
        other electronic means to notify the sender not to transmit by 
        electronic mail any further unsolicited commercial electronic 
        mail messages.  The notification process may include the ability 
        for the commercial electronic mail messages recipient to direct 
        the initiator to transmit or not transmit particular commercial 
        electronic mail messages based upon products, services, 
        divisions, organizations, companies, or other selections of the 
        recipient's choice. 
           (b) A commercial electronic mail message must include a 
        statement informing the recipient of a toll-free telephone 
        number that the recipient may call, or a valid return address to 
        which the recipient may write or access by electronic mail or 
        another electronic method established by the initiator, 
        notifying the sender not to transmit to the recipient any 
        further unsolicited commercial electronic mail messages to the 
        electronic mail address, or addresses, specified by the 
        recipient, and explaining the manner in which the recipient may 
        specify what commercial electronic mail messages the recipient 
        does and does not wish to receive. 
           Subd. 5.  [BLOCKING RECEIPT OR TRANSMISSION.] No electronic 
        mail service provider may be held liable in an action by a 
        recipient for any act voluntarily taken in good faith to block 
        the receipt or transmission through its service of any 
        commercial electronic mail message that the electronic mail 
        service provider reasonably believes is, or will be, sent in 
        violation of this section. 
           Subd. 6.  [DEFENSES.] (a) A person is not liable for a 
        commercial electronic mail message sent in violation of this 
        section if the person can show by a preponderance of the 
        evidence that the commercial electronic mail message was not 
        initiated by the person or was initiated in a manner and form 
        not subject to the control of the person. 
           (b) In an action under this section it is a defense that 
        the defendant has established and implemented reasonable 
        practices and procedures to prevent violations of this section. 
           Subd. 7.  [DAMAGES.] (a) A person injured by a violation of 
        this section may recover damages caused by the violation as 
        specified in this subdivision.  
           (b) An injured person, other than an electronic mail 
        service provider, may recover: 
           (1) the lesser of $25 for each commercial electronic mail 
        message received that violates subdivision 2, or $35,000 per 
        day; or 
           (2) the lesser of $10 for each commercial electronic mail 
        message received that violates subdivision 3, or $25,000 per day.
           (c) An injured electronic mail service provider may recover 
        actual damages or elect, in lieu of actual damages, to recover: 
           (1) the lesser of $25 for each commercial electronic mail 
        message received that violates subdivision 2, or $35,000 per 
        day; or 
           (2) the lesser of $10 for each commercial electronic mail 
        message received that violates subdivision 3, or $25,000 per day.
           (d) At the request of any party to an action brought under 
        this section, the court may, at its discretion, conduct all 
        legal proceedings in such a way as to protect the secrecy and 
        security of the computer, computer network, computer data, 
        computer program, and computer software involved in order to 
        prevent possible recurrence of the same or a similar act by 
        another person and to protect any trade secrets of any party. 
           (e) Costs, disbursements, and reasonable attorney fees may 
        be awarded to a party awarded damages for a violation of this 
        section.  No class action shall be brought under this section.  
           (f) Except as otherwise provided in this subdivision, the 
        remedies in this subdivision are in addition to remedies 
        available under section 8.31, 325F.70, or other law. 
           Subd. 8.  [RELATIONSHIP TO FEDERAL LAW.] If federal law is 
        enacted that regulates false, misleading, or unsolicited 
        commercial electronic mail messages but does not preempt state 
        law on the subject, the federal law supersedes any conflicting 
        provisions of this section.  
           Sec. 2.  [EFFECTIVE DATE; EXPIRATION.] 
           Article 2 is effective March 1, 2003.  
           Article 2 expires on the effective date of federal 
        legislation that preempts state regulation of false, misleading, 
        or unsolicited commercial electronic mail messages. 
           Presented to the governor May 20, 2002 
           Signed by the governor May 22, 2002, 1:29 p.m.

700 State Office Building, 100 Rev. Dr. Martin Luther King Jr. Blvd., St. Paul, MN 55155 ♦ Phone: (651) 296-2868 ♦ TTY: 1-800-627-3529 ♦ Fax: (651) 296-0569