On Tuesday this week, Montana’s new consumer protections law took effect, joining many other states with similar consumer privacy rights legislation.
The Montana Consumer Data Privacy Act (MCDPA) provides residents with the right to access or obtain copies of their data collected by online companies, the right to request deletion of personal information maintained by a company, and to opt-out of the collection of personal information for purposes of targeted advertising or sale of their data to third parties. Importantly, the MCDPA requires a universal opt-out; Senator Daniel Zolnikov said about this type of opt-out requirement, “If [consumers] want to opt out all at once, they don’t have to do it on a thousand different websites.”
Senator Zolnikov furthered that the MCDPA was modeled after Connecticut’s consumer privacy bill but more of a middle ground between California’s law (which Zolnikov cites as being too government-involved) and Utah’s law (which Zolnikov cites as being too diluted). The Montana Attorney General’s office will enforce the MCDPA, but companies will be permitted to correct non-compliance within 60 days, although that grace period ends in April 2026. Similar to data breach notification statutes in the U.S., states continue to create a patchwork of consumer privacy laws ahead of federal regulation.