Michigan Data Privacy: A Plain-Language Overview
Michigan Personal Data Protection Act (MPDPA)
Status: Effective beginning 2026 (phased enforcement starts)
Michigan enacted the Michigan Personal Data Protection Act (MPDPA) in 2025, establishing a comprehensive framework governing the collection and processing of personal data. The law requires businesses to be transparent about data practices and grants Michigan residents specific rights to access and control their information. It applies to for-profit entities conducting business in the state that meet specific thresholds for revenue or data volume.
Rights residents generally have
- access to their personal data
- delete their personal data
- correct inaccurate personal data
- opt-out of targeted advertising or the sale of data
- opt-out of certain types of automated profiling
- data portability
Who it generally applies to
Applies to for-profit entities that do business in Michigan and (a) control or process the data of 100,000+ consumers (excluding payments), or (b) derive over 50% of gross revenue from the sale of personal data and control/process the data of 25,000+ consumers.
What this means for B2B outreach
The law distinguishes between consumer and business data; contact info used strictly for business-to-business (B2B) purposes or employment verification is generally not considered 'personal data' under the Act.
Authoritative source: Michigan Department of Attorney General. Always confirm current requirements there.
Marketing that respects privacy by design
We run permission-based, compliance-minded campaigns with real opt-out handling.
Talk to us