The Maryland Online Data Privacy Act: Is It The Strongest Consumer Personal Data Protection Statute? featured image

The Maryland Online Data Privacy Act: Is It The Strongest Consumer Personal Data Protection Statute?

by John DiGiacomo

Partner

Internet Law

On May 9, 2024, Maryland became the latest U.S. State to enact a comprehensive consumer data privacy statute called the Maryland Online Data Privacy Act (“MODPA”). Technically, MODPA goes into effect on October 1, 2025. However, the true effective date of the statute is April 1, 2026.

From a review of MODPA and comparison to similar statutes enacted in various States, it is fair to say that MODPA is very strongly protective of consumers personal data. Indeed, there is a good argument that MODPA is more protective of consumers than even the California version (which is generally considered the most protective data privacy statute).

As one example, MODPA applies to persons that conduct business in Maryland or provide products/services targeted to residents of Maryland and that:

  • Controlled or processed the personal data of at least 35,000 consumers, excluding data processed solely for payment processing or
  • Controlled or processed the personal data of at least 10,000 consumers and derived more than 20% of its gross revenue from the sale of personal data

In contrast, the California Data Privacy Act applies to any business meeting any of these thresholds:

  • (A) As of January 1 of the calendar year, had annual gross revenues in excess of twenty-five million dollars ($25,000,000) in the preceding calendar year …
  • (B) Alone or in combination, annually buys, sells, or shares, the personal information of 100,000 or more consumers or households
  • (C) Derives 50% or more of its annual revenues from selling or sharing consumers’ personal information

As can be seen, MODPA will cover many more businesses — and protect much more consumer data — than even the California data privacy statute. It should be noted that the Maryland statute continues the trend of excluding data that is used only for payment processing.

In addition, unlike most of these data privacy statutes, not-for-profit organizations are NOT exempt from coverage of the MODPA unless they are not-for-profit organizations that collect personal data to assist law enforcement (in certain circumstances) or to assist first responders in responding to catastrophic events.

The most consumer-protective provisions of the MODPA are contained in Section 14-4607 concerning what controllers of consumer personal data can and cannot do. For example, MODPA states that controllers “may not” “sell sensitive data” or “collect, process, or share” sensitive data except where the collection or processing is “strictly necessary” to provide or maintain a “specific product or service” for the consumer. So far, that is the highest level of protection provided by any of these statutes for consumers’ “sensitive data.”

MODPA also offers the strongest protection for the personal data of children. With respect to “personal data” — a broader category of personal data — MODPA bans the sale of personal data for any consumer if the controller knows (or has reason to know) that the consumer is under the age of 18. Further, for those under the age of 18, MODPA bans the processing of personal data for the purposes of targeted advertising.

MODPA also adds an important protection for consumers participating in bona fide loyalty, rewards, premium features, discounts or club card programs. Generally, all of the consumer data privacy statutes provide an exemption such programs. MODPA also exempts such programs “… provided that the selling of personal data is not a condition of participation in the program.”

These and other examples demonstrate that MODPA is probably the strongest of the data protection statutes enacted to date.

Contact The Consumer Data Privacy and Compliance Attorneys At Revision Legal

For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side

Let's Discuss Your Case