+

Download UCPA checklist

Consentmo is dedicated to protecting and respecting your privacy. We will only use your personal information to respond to inquiries, provide requested materials, or share updates and services that we believe may interest you.

You can manage your privacy preferences or opt-out at any time. For more details on how to unsubscribe, our privacy practices, and our commitment to safeguarding your privacy, please refer to the Consentmo Privacy Policy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
MCDPA Title Text

What is MCDPA?

The Montana Consumer Data Privacy Act (MCDPA) is a state-level data privacy law designed to give Montana residents greater control over their personal data. The law provides consumers with rights such as accessing, correcting, and deleting their personal information, as well as opting out of data sales and targeted advertising. It applies to businesses meeting specific revenue or data processing thresholds. The MCDPA was enacted on May 19, 2023, and is part of a growing trend of state-level privacy legislation in the United States.

Where does the MCDPA apply?

The Montana Consumer Data Privacy Act (MCDPA) applies to businesses that conduct business in Montana or target products or services to Montana residents.

It specifically covers entities that meet at least one of the following thresholds:
- Control or process the personal data of at least 50,000 Montana residents annually.
- Over 25% of their gross revenue is from the sale of personal data while controlling or processing the personal data of at least 25,000 residents.

graphic of a white magnifying glass against a blue background

What are the possible reasons for a penalty?

Common reasons include:
- Failure to respond to Consumer Requests such as not addressing consumer rights requests to access, correct, delete, or opt out of the processing of their personal data within the required timeframe.
- Non-Compliance with Data Processing Obligations: Processing personal data without a valid legal basis, such as consumer consent, or failing to provide transparency about data collection and use.
- Improper handling of Sensitive Data, such as collecting or processing sensitive personal information (ex.: health data or geolocation) without obtaining explicit consent or following required safeguards.
- Lack of adequate Security Measures.

Who is liable for a penalty under MCDPA?

Under the Montana Consumer Data Privacy Act (MCDPA), the data controllers and data processors - businesses that collect, use, or manage personal data of Montana residents are liable for penalties if they fail to comply with the law's requirements.

graphic of a building in white against a blue background
white sheet of paper graphic against a blue background with shield in front of it

What are the penalties for
Non-Compliance?

- Monetary Fines: Businesses found in violation of the MCDPA may face civil penalties of up to $7,500 per violation, with each affected consumer potentially constituting a separate violation.
- Injunctions: The Attorney General may seek court orders to stop unlawful practices and compel businesses to comply with the law.
- Cure Period: businesses are typically granted a 60-day cure period to address and resolve alleged violations. If the issues are not remedied within this timeframe, enforcement actions and fines can proceed.
- Legal Costs.

Get the UCPA checklist for Free

Improve the effectiveness of your compliance strategy now.

Download checklist
graphic of a white notepad page against a black background

Frequently Asked Questions

How do I obtain consent from individuals under the MCDPA?

Businesses must use clear and transparent methods that allow individuals to make an informed and affirmative choice. Consent must be obtained before processing sensitive personal data, such as health information, biometric data, or geolocation. Businesses should present information about data collection and processing in plain, understandable language, avoiding jargon. Consent must be an active action by the individual, such as checking a box or clicking a confirmation button; pre-checked boxes or implied consent are not compliant. For individuals under the age of 13, verifiable parental consent is required. Businesses must also provide a simple way for individuals to withdraw consent at any time.

How is the MCDPA enforced?

The Montana Consumer Data Privacy Act (MCDPA) is enforced by the Montana Attorney General, who has the authority to investigate violations, issue penalties, and ensure compliance with the law. Businesses that violate the MCDPA are typically given a 60-day cure period to address and remedy the non-compliance after being notified. If the issues are not resolved within this timeframe, the Attorney General can impose penalties, including fines of up to $7,500 per violation.

How do I make my business compliant with the MCDPA?

Start by assessing whether your business meets the law’s applicability criteria, such as processing the personal data of at least 50,000 Montana residents annually or earning a significant portion of revenue from data sales. Develop a clear and accessible privacy policy that outlines how you collect, use, and share personal data, and include details about consumer rights under the MCDPA. Implement systems to handle consumer rights requests, such as accessing, correcting, deleting, or opting out of data processing.

Shopify merchants can use tools like Consentmo to simplify compliance, as it provides automated solutions for cookie consent management, privacy notices, and handling data subject requests.

Join the masses in relying on Consentmo for top-notch privacy protection

View demoStart for FREE
Is your site compliant?
Subscribe to get our monthly newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Started
FeaturesPricing
Regulations
GDPR (EU)CCPA (California)PIPEDA (Canada)LGPD (Brazil)APPI (Japan)PDPA (Thailand)POPIA (South Africa)APA (Australia)NZPA (New Zealand)
Resources
BlogeBooksKnowledge baseCookie ScannerAdaptive Mobile Experience
Comparison
Consentmo vs.
Shopify Consentmo vs. PandectesConsentmo vs.
Avada
Compliance
GoogleIAB TCFGlobal Privacy ControlShopify Customer Privacy
Company
About us
FAQs
Contact
Legal
Terms of ServicePrivacy PolicySupport Policy
UET consent mode microsoft logo
Shopify app storeShopify app store
Facebook social iconTwitter social iconLinkedIn social iconInstagram social iconYouTube social iconTikTok social icon
© 2025 Consentmo. All Rights Reserved.

The information on the Consentmo website, platform, or services, as well as any part thereof, does not constitute actual legal or regulatory advice, opinion, or recommendation. Consentmo is committed to providing tools to aid in compliance but is not a law firm. For legal advice, users should consult with a qualified attorney.
Subscribe to get our monthly newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Started
FeaturesPricingBlack Friday Offer⚡
Regulations
GDPR (EU)CCPA (California)LGPD (Brazil)PIPEDA (Canada)APPI (Japan)PDPA (Thailand)POPIA (South Africa)APA (Australia)NZPA (New Zealand)
Resources
BlogeBooksKnowledge baseCookie ScannerAdaptive Mobile Experience
Comparison
Consentmo vs. Shopify Consentmo vs. PandectesConsentmo vs. Avada
Company
About us
FAQs
Contact
Legal
Terms of ServicePrivacy PolicySupport Policy
Shopify app storeShopify app storeShopify partners
Shopify app storeShopify app store
Facebook social iconTwitter social iconLinkedIn social iconInstagram social iconYouTube social iconTikTok social icon
© 2025 Consentmo. All Rights Reserved.

The information on the Consentmo website, platform, or services, as well as any part thereof, does not constitute actual legal or regulatory advice, opinion, or recommendation. Consentmo is committed to providing tools to aid in compliance but is not a law firm. For legal advice, users should consult with a qualified attorney.