State privacy overview

Michigan Data Privacy: A Plain-Language Overview

Informational summary · Michigan Personal Data Protection Act (MPDPA)
General information — not legal advice. This overview is provided for general educational purposes only and may not reflect the most recent changes in the law. It is not legal advice and does not create any attorney–client relationship. Verify current requirements with the state's official resources and consult qualified counsel before acting.

Michigan Personal Data Protection Act (MPDPA)

Status: Effective beginning 2026 (phased enforcement starts)

Michigan enacted the Michigan Personal Data Protection Act (MPDPA) in 2025, establishing a comprehensive framework governing the collection and processing of personal data. The law requires businesses to be transparent about data practices and grants Michigan residents specific rights to access and control their information. It applies to for-profit entities conducting business in the state that meet specific thresholds for revenue or data volume.

Rights residents generally have

Who it generally applies to

Applies to for-profit entities that do business in Michigan and (a) control or process the data of 100,000+ consumers (excluding payments), or (b) derive over 50% of gross revenue from the sale of personal data and control/process the data of 25,000+ consumers.

What this means for B2B outreach

The law distinguishes between consumer and business data; contact info used strictly for business-to-business (B2B) purposes or employment verification is generally not considered 'personal data' under the Act.

Authoritative source: Michigan Department of Attorney General. Always confirm current requirements there.

Marketing that respects privacy by design

We run permission-based, compliance-minded campaigns with real opt-out handling.

Talk to us

← All state privacy overviews