The Maryland Online Data Privacy Act of 2024 Has Been Signed Into Law

The Maryland Online Data Privacy Act of 2024 (MODPA) has been a focal point of discussion among privacy advocates and business leaders alike. In the winter of 2024, Peter Holland testified as a proponent of the bill before the Maryland General Assembly, emphasizing the importance of protecting consumer data in an increasingly vulnerable digital world. 

The bill was signed into law by the Maryland governor on May 9, 2024. It is important to understand the current situation and the positive after-effects expected from this legislation, which will take effect on October 1, 2025.


Overview of the Maryland Online Data Privacy Act of 2024

MODPA outlines a comprehensive framework designed to safeguard the privacy of Maryland residents. This legislation introduces several consumer rights to give individuals greater control over their data. Key rights include the ability to:

  • Inquire whether a data controller is processing their data.
  • Access their data held by controllers.
  • Correct inaccuracies in their data.
  • Mandate the deletion of personal data unless retention is required by law.
  • Opt out of data processing for targeted advertising, personal data sales, and profiling.

These rights empower consumers to manage their data proactively, ensuring it is used in ways they consent to and understand.

Obligations for Controllers and Processors

Entities classified as data controllers or processors under MODPA must adhere to requirements to ensure data privacy and security. Key obligations include:

  • Limiting data collection to what is necessary for the specified purpose.
  • Establishing secure methods for consumers to exercise their rights.
  • Providing clear and accessible privacy notices detailing data processing practices.
  • Entering into contracts that specify data processing procedures when using third-party processors.

Controllers are also required to conduct regular data protection assessments to identify and mitigate potential risks to consumer privacy.

Enforcement and Compliance

The Maryland Office of the Attorney General (OAG), Consumer Protection Division, has exclusive enforcement authority under MODPA. Before initiating an enforcement action, the OAG may issue a notice of violation, granting the controller or processor at least 60 days to cure the violation. Factors considered in granting the opportunity to cure include the number of violations, the complexity of the business, and the likelihood of public harm.

With the implementation of MODPA, consumers in Maryland can expect enhancements in the protection of their data. The ability to control how their data is collected, used, and shared will likely increase consumer trust in businesses operating within the state. As stated by Peter Holland in the Baltimore Banner, this legislation represents a substantial step forward in safeguarding consumer privacy in the digital age; it just makes tremendous sense. 

As Maryland joins other states in enacting comprehensive data privacy laws, businesses nationwide must adopt more robust privacy practices. This trend toward greater data protection is expected to influence national standards and pave the way for federal data privacy legislation.

Trust the Holland Law Firm

The Maryland Online Data Privacy Act represents an advancement for the protection of consumers’ personal data. As businesses and consumers prepare for its implementation on October 1, 2025, the focus will be on ensuring compliance and leveraging the benefits of enhanced data privacy protections. 

The proactive measures outlined in MODPA are set to foster a safer, more secure digital environment for all Maryland residents. 

Contact us today if you believe your rights have been violated and your data/identity compromised due to negligence.

Sign Up For Notifcations

Each time we publish a new article you can receive a notifcation and link. Its the best way to stay up to date with consumer law. Plus, you'll receive our monthly newsletter.