Two new US privacy laws are now live, and if you’re a Shopify merchant, they may apply to your store. These are the Tennessee Information Protection Act (TIPA) and the Minnesota Consumer Data Privacy Act (MCDPA). They add to the growing list of state-level privacy rules, which already include California, Virginia, Colorado, and others. More states are passing similar laws, which means more rules for online stores to follow.

If you collect personal data from visitors in Tennessee or Minnesota, you now have new legal duties. Even if you’re not based in the US, your store might still fall under these laws if you sell to people in those states.

Let’s go over what these laws require, how they affect your Shopify store, and what you should do next.

What Are TIPA and MCDPA?

TIPA (Tennessee) and MCDPA (Minnesota) are privacy laws that give residents of those states more control over how their data is collected, used, and shared. They follow similar models to other US privacy laws like the CPRA (California) and VCDPA (Virginia).

These laws apply to businesses that collect personal data from people in Tennessee or Minnesota and meet certain revenue or data-processing thresholds. Many Shopify merchants fall into this category, depending on store size and audience reach.

If these laws apply to you, your store needs to allow users to opt out of data sales or sharing, offer a way to access or delete their data, update your Privacy Policy to include how you collect and use personal information, and respond to data rights requests within a set time period. In short: visitors need to know what’s happening with their data and have options to say no or get more information.

What Counts as Personal Data?

Personal data isn’t just a name or email. It can include things like an IP address, purchase history, device ID, location data, or browsing activity. Many Shopify merchants use tools like Google Analytics, Facebook Pixel, and third-party apps that collect this data. This means you may be collecting personal data without even realizing it.

If you're not offering a way for users to opt out or request data access, you could be missing an important requirement.

What’s New in Consentmo?

Consentmo has already added both TIPA and MCDPA to the app’s interactive legal map. This means the app can detect if someone is visiting your store from Tennessee or Minnesota and apply the correct settings automatically. Cookie banner behavior adjusts based on location.

Consentmo helps you build and publish your U.S. Data Request Page, where visitors can ask for a copy of their data, request deletion, or opt out of personal data sales. These tools are built into the app, but merchants still need to check that their setup includes the correct forms and options.

What to Do Next?

Consentmo handles detection and banner behavior, but every merchant still needs to complete one important task: updating the U.S. Laws Data Request Page.

For our users - go to Settings > Policies > Data Request Pages and make sure your US Laws Page is updated to reflect the new state-level options. That way, visitors from Tennessee and Minnesota see the correct controls.

What If You Ignore It?

Some merchants think these laws won’t apply to them. But ignoring them is risky. You might already be getting traffic from Tennessee and Minnesota. You may have third-party apps that track behavior. Your Privacy Policy might not be up to date. Even if enforcement is slow, complaints can still happen. And some states allow private lawsuits for violations.

Do You Need a Lawyer?

With new privacy laws rolling out across different U.S. states, it's natural to wonder whether you need legal guidance. While Consentmo covers the technical parts - like banners, request forms, and location-based behavior, it’s still smart to speak with a legal advisor if you're unsure about how the rules apply to your business.

‍Consentmo supports more than 10 U.S. state laws, and the list keeps growing.

Why These Laws Matter?

The U.S. doesn’t have one national privacy law. Each state is passing its own. That means Shopify merchants have to follow a patchwork of regulations. TIPA and MCDPA are just the latest. More are coming. Merchants that act early are better prepared.

Consentmo continues to update its tools based on legal changes. The app adapts to new rules, but merchants still need to double-check settings.

Want to Know More?

Check these pages for full details:

• Tennessee Information Protection Act (TIPA)
• Minnesota Consumer Data Privacy Act (MCDPA)

These guides cover opt-out options, data rules, and request timelines. They’re useful when editing your Privacy Policy or reviewing app settings.

Wrapping Up

TIPA and MCDPA are now live, and Consentmo supports both. Automatic detection, banner behavior, and consent records help merchants stay covered. But don’t forget to check your U.S. Laws Data Request Page. It only takes a few minutes in the Consentmo dashboard.

Merchants don’t need to do everything manually - but staying current matters.

Need help? Visit the Consentmo Help Center or message the support team.