Privacy laws · Maryland
Maryland Online Data Privacy Act.
One of the strongest state privacy laws. Prohibits sale of sensitive data entirely. Strict data minimization. Strong children's protections (under 18).
/ Diagnostic check ClearConsent scans your storefront for signals related to this law — consent banner state, GPC support, Do Not Sell links, privacy policy disclosures, cookies, and trackers.
/ Effective
2025-10-01
Effective date
When the law took effect or will take effect.
/ Consumers
35,000
Consumer threshold
The number of Maryland residents whose data triggers compliance.
/ Revenue
None
Revenue threshold
Annual revenue trigger for compliance, if applicable.
01 / Key requirements
What the law requires.
- 01Privacy notice with specific disclosures
- 02Right to access, correct, delete personal data
- 03Right to data portability
- 04Right to opt-out of sale, targeted advertising, profiling
- 05PROHIBITION on sale of sensitive data
- 06Strict data minimization (collect only what is necessary)
- 07Data protection assessments
- 08Children under 18 protections
- 09Universal opt-out recognition
- 10No geofencing around healthcare facilities
02 / Enforcement
Penalties & cure period.
Penalties
Up to $10,000 per violation, $25,000 for repeat violations.
Cure period
60-day cure period (only until April 2027)
Enforcement agency
Attorney General + Division of Consumer Protection
03 / E-commerce
What this means for
your store.
Cannot sell sensitive data at all. Strictest data minimization among state laws. Low threshold (35K consumers).