Maryland Implements New Privacy Law Affecting Data Collection Practices

What's Happening?

Maryland's Online Data Privacy Act of 2024 (MODPA) is set to take effect on October 1, introducing new regulations on how companies collect, use, and sell personal data. The law aims to provide consumer protections for Maryland residents, particularly concerning large businesses handling personal and biometric data. According to David Turner, Senior Advisor and Communications Director for Governor Wes Moore, the Act establishes clear methods for managing personal information sharing. The legislation was passed by the General Assembly and signed by Governor Moore in 2024, amid growing concerns over data privacy. MODPA grants consumers rights to access, delete, and opt out of certain data practices, and limits the sale of sensitive data, especially for individuals under 18. The law applies to companies operating in Maryland or targeting its residents, with specific thresholds for compliance.

Why It's Important?

The implementation of MODPA marks a significant step in addressing data privacy concerns in the U.S., as Maryland becomes the seventeenth state to enact comprehensive consumer data privacy legislation. This law provides Maryland residents with greater control over their personal information, potentially influencing other states to adopt similar measures. The Act's restrictions on data sales and targeted advertising could impact businesses that rely on personal data for marketing and revenue generation. As privacy laws evolve, companies may face increased compliance costs and operational changes to adhere to new standards. The Maryland Attorney General will enforce the law, ensuring businesses comply with the new regulations.

What's Next?

With MODPA taking effect on October 1, businesses operating in Maryland must prepare to meet the new compliance obligations. Other states are also advancing privacy-related legislation, such as the Oregon Consumer Privacy Act, set to be implemented in January 2026. As states continue to develop privacy laws, companies may need to adapt their data practices across multiple jurisdictions. The evolving landscape of data privacy legislation could lead to a more standardized approach to consumer data protection in the U.S.