Two additional U.S. states have enacted comprehensive data privacy legislation, expanding the regulatory landscape for email marketing operations. Tennessee’s Information Protection Act took effect July 1, 2025, while Minnesota’s privacy law becomes active July 31, 2025.
The Tennessee Information Protection Act applies to businesses meeting specific size thresholds and requires explicit consent for processing personal data. The law grants consumers rights including data access, deletion requests, and the ability to opt out of data sales. Companies must also implement mechanisms to honor these consumer rights requests.
Minnesota’s privacy legislation follows a similar framework, adding another layer to the growing patchwork of state-level privacy regulations across the United States.
Both laws require businesses to reassess their data collection practices, consent mechanisms, and consumer rights management systems. Email marketers operating in these states must review their current opt-in processes, data handling procedures, and unsubscribe mechanisms to ensure compliance with the new requirements.
The laws join existing privacy regulations in California, Virginia, Colorado, Connecticut, and Utah, creating a complex compliance environment for email marketing operations that span multiple states. Each state law contains specific provisions that may differ from existing regulations, requiring tailored compliance approaches rather than one-size-fits-all solutions.
Email service providers and marketing automation platforms are expected to update their systems to accommodate the new state requirements, particularly around consent management and consumer rights fulfillment processes.
The implementation of these laws continues the trend toward stricter data privacy regulation in the U.S., moving beyond the California Consumer Privacy Act framework that previously served as the primary state-level privacy standard for many businesses.
