Privacy Laws Maryland

Maryland Online Data Privacy Act

MODPA

One of the strongest state privacy laws. Prohibits sale of sensitive data entirely. Strict data minimization. Strong children's protections (under 18).

Effective Date

2025-10-01

Enforcement

Attorney General + Division of Consumer Protection

Consumer Threshold

35,000 consumers

Revenue Threshold

No threshold

Key Requirements

Privacy notice with specific disclosures

Right to access, correct, delete personal data

Right to data portability

Right to opt-out of sale, targeted advertising, profiling

PROHIBITION on sale of sensitive data

Strict data minimization (collect only what is necessary)

Data protection assessments

Children under 18 protections

Universal opt-out recognition

No geofencing around healthcare facilities

Penalties

Up to $10,000 per violation, $25,000 for repeat violations.

Cure Period

60-day cure period (only until April 2027)

E-commerce Relevance

Cannot sell sensitive data at all. Strictest data minimization among state laws. Low threshold (35K consumers).

Back to All Privacy Laws Scan Your Site