Michael Canty, Carol Villegas, and Danielle Izzo of Labaton Sucharow write:
Maryland joined the patchwork of 19 states enacting data privacy rules themselves in lieu of a federal standard last year when Gov. Wes Moore (D) signed the Maryland Online Data Privacy Act of 2024, empowering the state to curb exploitative data practices. The MODPA went into effect on Oct. 1, and enforcement begins on April 1, 2026.
Companies and consumers are evaluating whether the MODPA mirrors existing privacy regulations or marks a significant regulatory expansion. In either case, MODPA is a step toward restoring data privacy control into the hands of consumers.
The MODPA appears to be consistent with many existing state privacy statutes. However, its scope likely extends beyond existing state statutes because it sets a low threshold for application to companies doing business in Maryland and establishes stringent data minimization requirements that encompass broad categories, specifically with respect to “sensitive data.”
Privacy advocates have praised the statute as one that “provides Marylanders with some of the strongest privacy protections in the country.”
Read more at Bloomberg Law.