Maryland enacts one of the strongest data privacy laws in the nation
Today Governor Moore signed the Maryland Online Data Privacy Act into law, putting limits on companies' data harvesting and sales.
Governor Wes Moore has signed the Maryland Online Data Privacy Act into law today, making Maryland home to one of the strongest comprehensive consumer privacy bills in the nation, second only to California. Sponsored by state Sen. Dawn Gile and Del. Sara Love, the law limits companies’ data collection, giving consumers meaningful online privacy and security protections.
With this legislation, Maryland bucks a years-long trend of heavy lobbying by the tech industry successfully watering down consumer privacy bills. A scorecard report from Maryland PIRG Foundation and the Electronic Privacy Information Center (EPIC) released earlier this year found that nearly half of state laws passed as of February 1st, 2024 received “F” grades for protecting consumers’ data. Most of the laws resemble template legislation initially drafted by an Amazon lobbyist.
While the tech lobby also tried to weaken Maryland’s bill, these efforts failed to strip the core protections from the legislation.
The most important provision of the Maryland Online Data Privacy Act prohibits companies from collecting more data than is necessary to deliver the service a consumer is expecting to get, and stops companies from selling sensitive information – such as your health data – to third parties. This is known as “data minimization”. These common sense limits will boost consumers’ privacy and personal security, as the overcollection and oversharing of data between companies makes it more likely an individual’s information will be exposed in a breach or a hack. When this happens, it greatly increases the chances of data ending up with identity thieves or online scammers.
The law goes into effect on October 1, 2025.
Updates