Maryland Online Data Privacy Act (MODPA)
The new law establishes data protection rights and requires companies that track or target the state’s residents to meet stricter requirements around data collection—especially related to data minimization, consent, universal opt-out mechanisms, sensitive data, and children’s data.
Is Complying with MODPA Mandatory?
The law applies to anyone who conducts business in the state, as well as those who provide services or products targeted to residents of Maryland and during the prior calendar year either:
Controlled or processed the personal data of at least 35,000 consumers, with the exception of personal data collected or processed solely for completing a payment transaction, or:
Controlled or processed the personal data of at least 10,000 consumers and derived more than 20 percent of its gross revenue from the sale of personal data.
What are the penalties for not complying with MODPA?
Violations can result in fees up to $10,000 per violation, with repeated violations potentially incurring fees up to $25,000 per violation.