What's Happening?
Maryland has implemented the Maryland Online Data Privacy Act (MODPA), which went into effect on October 1, 2025, with enforcement beginning on April 1, 2026. This law aims to enhance consumer data privacy
by imposing strict data minimization requirements on businesses operating in the state. The MODPA mandates that companies can only collect and process sensitive data if it is strictly necessary for delivering or maintaining specific products or services. It also prohibits the sale of sensitive data, regardless of consumer consent. The law is considered one of the most stringent in the U.S., requiring businesses to reassess their data collection practices and privacy policies to ensure compliance.
Why It's Important?
The MODPA represents a significant shift in data privacy regulation, potentially setting a precedent for other states. By imposing strict data minimization requirements, the law aims to restore control over personal data to consumers, enhancing privacy protections. Businesses operating in Maryland must adapt to these new standards, which may require fundamental changes to their data practices. The law's stringent requirements could lead to increased transparency and accountability in how consumer data is handled, impacting industries reliant on data collection and processing.
What's Next?
As enforcement of the MODPA begins in April 2026, businesses must prepare for potential penalties for non-compliance, including civil fines and reputational damage. Companies should conduct internal assessments to ensure their data practices align with the law's requirements. The Maryland attorney general will play a key role in interpreting and enforcing the law, which may lead to further clarifications through enforcement actions. Businesses may need to engage in litigation or adjust their practices to avoid violations.
Beyond the Headlines
The MODPA's impact extends beyond immediate compliance challenges, potentially influencing national data privacy standards. As more states consider similar legislation, businesses may face a complex regulatory landscape, prompting calls for a unified federal data privacy law. The law also raises ethical considerations regarding consumer consent and data usage, encouraging companies to prioritize ethical data practices.
