From the good folks at EPIC.org:
The Maryland Online Data Privacy Act (SB 541/HB 567) has passed both the House and Senate. Next, each bill will face a vote in the opposite chamber before heading to conference committee to reconcile minor differences between versions. EPIC testified in support of the bills in both the Senate and the House earlier this spring.
The bill includes key data minimization principles and strong civil rights protections, modeled on the American Data Privacy and Protection Act (“ADPPA”). The bill’s data minimization requirements include limiting the collection of personal data to what is reasonably necessary for the product or service consumers request and protecting sensitive data by requiring its collection and use to meet the higher standard of strictly necessary.
Last year, EPIC crafted the State Data Privacy and Protection Act, modeled on ADPPA, to give state legislators the opportunity to use the bipartisan consensus language from ADPPA to strengthen state bills. EPIC also recently released The State of Privacy: How State “Privacy” Laws Fail to Protect Privacy and What They Can Do Better, which found that nearly half of the 14 states that have passed so-called comprehensive privacy laws received a failing grade, and none received an A.
The protections in the Maryland Online Data Privacy Act are significantly stronger than most of the other comprehensive privacy laws states have passed so far and, if enacted, would give Marylanders some of the strongest privacy protections in the country.