The Maryland Online Data Privacy Act

Maryland is joining the growing number of states with comprehensive data privacy laws! The Maryland Online Data Privacy Act (MODPA) takes effect on October 1, 2025, with enforcement of data processing provisions starting on April 1, 2026. This law grants Maryland consumers new rights regarding their personal information and imposes obligations on businesses that handle their data.

Key Provisions of the MODPA:

  • Consumer Rights:

    • Right to Access: Consumers can request access to their personal data.

    • Right to Correction: Consumers can request correction of inaccurate personal data.

    • Right to Deletion: Consumers can request deletion of their personal data.

    • Right to Opt-Out: Consumers can opt-out of the sale of their personal data or its use for targeted advertising and profiling.

    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.

  • Business Obligations:

    • Provide a Privacy Notice: Clearly inform consumers about your data practices.

    • Respond to Consumer Requests: Respond to consumer requests within 45 days.

    • Implement Reasonable Security: Protect personal data with appropriate security measures.

    • Conduct Data Protection Assessments: Assess risks for processing activities like targeted advertising, profiling, and the processing of sensitive data.

    • Obtain Consent: Obtain consent before processing sensitive data.

  • Sensitive Data:

    • The MODPA does not define specific categories of sensitive data but requires controllers to establish and maintain reasonable security procedures and practices to protect personal data.

  • Data Minimization:

    • The MODPA emphasizes data minimization, requiring businesses to limit the collection of personal data to what is "adequate, relevant, and reasonably necessary" for the specified purposes.

Who does the MODPA apply to?

The MODPA applies to businesses that conduct business in Maryland or provide products or services to Maryland residents and meet one of the following thresholds:

  • Control or process the personal data of at least 100,000 consumers.

  • Derive 50% or more of their gross revenue from selling personal data.

Why is the MODPA important?

The MODPA is a significant step in protecting consumer data privacy in Maryland. It's essential for businesses to understand and comply with the MODPA to avoid legal and financial risks, build trust with customers, and foster a culture of responsible data handling.

How Aetos Can Help:

Aetos Data Consulting provides expert guidance and support to help businesses navigate the complexities of the MODPA. Our services include:

  • MODPA compliance audits

  • Policy development and implementation

  • Training and awareness programs

  • Data subject request management

Contact us today to learn more about how we can help your business achieve and maintain MODPA compliance.

Check out other state laws