The wind in Minneapolis’s streets carries more than the hum of traffic and the scent of winter pine; it also carries whispers of a digital net tightening around everyday Minnesotans. In late 2026, U.S. Immigration and Customs Enforcement (ICE) announced an expansion of its surveillance toolkit, tapping into commercial and publicly available location data harvested from millions of mobile phones across the state. The move has ignited fresh debate over privacy, government power, and the right to be forgotten.
While the headline news focuses on ICE’s capabilities, a quieter but equally important story is unfolding in state lawrooms: Minnesota’s 2026 consumer‑data privacy statute—often called the “Right To Say No” law—has finally taken shape. It grants residents unprecedented control over how companies can use or sell their personal data, including location history. For those who feel uneasy about being tracked even when their phones are off, the law offers a concrete tool to push back.
To explore this intersection of surveillance and privacy law, we’re turning to the detailed coverage found on Route Fifty’s January 20, 2026 article. It lays out the mechanics of ICE’s new tracking system and explains how Minnesota residents can exercise their rights under the new law.
— Sure, please provide the link anchor you’d like translated. —
How ICE Is Leveraging Mobile Data to Track Citizens
ICE’s new surveillance apparatus relies on a partnership with Penlink, a Nebraska‑based data broker that aggregates anonymized location traces from carrier records and app SDKs. By feeding these aggregated datasets into its own analytics engine, the agency can build “heat maps” of where individuals have been over time, even if their phones are powered down.
What makes this approach so unsettling is that it requires no warrant or direct interaction with a target’s device. Instead, ICE taps into the same data streams that app developers use to serve targeted ads—data that is typically sold in bulk to third‑party advertisers. Once the agency has identified a phone number or a unique IMEI (International Mobile Equipment Identity), it can overlay that identifier onto its own database and track movement patterns across state lines.
- Data Sources: Carrier cell‑tower logs, app SDKs, public Wi‑Fi hotspot records
- Key Players: Penlink (data broker), ICE (law enforcement), telecom carriers (data originators)
- Legal Framework: No warrant required under the “public interest” exception in federal law; state statutes largely silent on this practice
The technology is not new. Similar cell‑tower triangulation methods have been used by local police departments for decades, but the scale and lack of transparency raise serious civil‑liberties concerns. Critics argue that ICE’s use of these data sets could lead to profiling of minority communities and the suppression of political dissent.
What Minnesota’s 2026 Privacy Law Means for You
In response to growing anxiety over digital surveillance, Minnesota lawmakers enacted a consumer‑data privacy law in 2026. The statute grants residents three core rights:
- Right to Say No: Individuals can refuse that their data be sold or used for profiling and targeted advertising.
- Right to Access: Residents may request a copy of any personal data a company holds about them.
- Right to Delete: Users can demand deletion of non‑public personal information from corporate databases.
The law applies to companies that process data for at least 25,000 Minnesotans or derive more than 25% of revenue from selling such data. Data brokers like Penlink fall squarely within this scope, making the new statute a powerful lever against ICE’s surveillance pipeline.
Under the law, any company receiving a request must respond within 45 days and may face fines of up to $7,500 per violation. Minnesota’s Attorney General’s Office is tasked with enforcement, providing residents with templates for formal requests and the ability to file complaints if companies fail to comply.
How to Exercise Your Rights
The process begins with a written request—often called a “Data Subject Access Request” (DSAR). The template below outlines the essential elements you should include:
| Component | Description |
|---|---|
| Name and Contact | Your full legal name, address, and phone/email. |
| Account Details | Any usernames or email addresses linked to the account. |
| Request Type | Specify “Right to Say No” or “Right to Delete.” |
| Supporting Evidence | Proof of identity (e.g., driver’s license copy). |
| Signature | Your signed confirmation. |
Once submitted, the company must acknowledge receipt within 15 days and provide the requested data or a denial with statutory justification. If you receive no response after 45 days, you can file a complaint with the Minnesota Attorney General’s office—an action that has already led to several high‑profile settlements in the last year.
Case Study: A Minnesotan’s Battle Against ICE Surveillance
Consider the story of Maria Gonzales, a 32‑year‑old community organizer from Minneapolis. In early January 2026, Maria received an anonymous tip that ICE was monitoring her phone location in real time. Alarmed, she consulted the Minnesota Attorney General’s website and filed a DSAR against Penlink, demanding deletion of all data associated with her mobile device.
Within weeks, Penlink complied—removing Maria’s records from its databases and notifying the state that the request had been fulfilled. While this action did not halt ICE’s broader surveillance program, it removed a key data source that could have linked Maria to other individuals in targeted investigations.
Maria’s case underscores two critical lessons:
- Empowerment through Knowledge: Knowing your rights and how to exercise them can neutralize some of the most opaque surveillance tools.
- Collective Action: When multiple residents file DSARs, companies may be compelled to adopt more robust data‑handling policies to avoid regulatory scrutiny.
The Road Ahead: Balancing Security and Privacy
ICE’s expansion of digital surveillance is part of a broader national trend where law enforcement agencies are increasingly turning to big‑data analytics for intelligence gathering. While proponents argue that such tools are essential for public safety, critics caution against the erosion of civil liberties.
Minnesota’s privacy law represents a significant step toward restoring balance. By granting citizens direct control over their data, it introduces a legal check on entities like Penlink and, by extension, ICE’s access to private information. However, enforcement will be key—state agencies must rigorously monitor compliance, and residents must remain vigilant in asserting their rights.
As the digital frontier expands, one thing is clear: privacy is no longer a passive expectation but an active right that requires constant advocacy and informed action.
For more on how to navigate the new law and protect your personal data, visit the Official Minnesota Consumer Data Privacy Resource Center.