Proposed North Dakota Law Would Require Consent for User Data Sales, Authorize Private Right of Action with Steep Minimum Damages
Privacy, Cyber & AI Decoded Alert | 1 min read
Feb 3, 2021
A proposed bill in the North Dakota House of Representatives would prohibit the sale by a covered entity of a user's protected data without consent. The bill, which was sponsored by four Republican state representatives, has been referred to the Industry, Business and Labor Committee.
The bill defines "covered entity" as "a partnership, limited liability company, corporation, or other legal entity, including a social media company, that collects and sells a user's protected data and does business in the state."
A user's "protected data" is broadly defined to include:
- Location
- Screen name
- Website address
- Interests
- Hometown
- Professional history
- Friends or followers
- Shopping habits
- Test scores
- Health conditions
- Insurance
- Internet browsing history
- Purchases or purchase history
- Number of friends or followers
- Alcohol, tobacco, or drug usage
- Gambling habits
- Residence details
- Credit
- Insurance policies
- Media usage
- Relationship status
Covered entities would be prohibited from selling a user's protected data unless the user opts-in to allow the sale. The covered entity would be required to provide the user with the opportunity to affirmatively click or select approval of the sale for each type of protected data at issue. The protected data collected and sold by the covered entity must be described "clearly in plain language" to the user.
Notably, the proposed law contains a private right of action, expressly authorizing class action lawsuits. The bill provides that a "covered entity that violates this chapter is civilly liable to the user for a minimum of ten thousand dollars [emphasis added]." In the event of knowing violations, the minimum damages amount to the user would be $100,000. Recovery of attorney's fees is authorized for any violation.
Unsurprisingly, advertising trade groups are seeking revisions to the bill, raising particular concern over the opt-in consent requirement and private right of action.
Related Capabilities
Featured Insights
Press Release
Dec 4, 2025
Hinshaw Recognized by the Leadership Council for Legal Diversity as a 2025 Top Performer
Press Release
Nov 25, 2025
Hinshaw Legal Team Secures Summary Judgment in Gas Station Injury Case
Press Release
Dec 4, 2025
Hinshaw Recognized by the Leadership Council for Legal Diversity as a 2025 Top Performer
Press Release
Nov 25, 2025
Hinshaw Legal Team Secures Summary Judgment in Gas Station Injury Case
Press Release
Nov 18, 2025
Hinshaw Releases the Third Edition of Duty to Defend: A Fifty-State Survey
In The News
Nov 13, 2025
A Profile on Neil Rollnick: After 57 Years in Practice, He Has No Plans to Retire
Privacy, Cyber & AI Decoded Alert
Oct 22, 2025
Press Release
Oct 22, 2025
Hinshaw & Culbertson LLP Launches New Website and Refreshed Brand
