Description

Enforcement begins for MODPA. Notably stricter than most state privacy laws: requires data minimization (only collect data reasonably necessary), prohibits sale of sensitive data outright regardless of consent, and requires data protection assessments for high-risk processing.

Requirements

Implement strict data minimization practices
Cease sale of sensitive data regardless of consent
Conduct data protection assessments for high-risk processing
Update data collection practices to necessary-only standard
Review and update privacy notices for MODPA compliance

Applicable To

Organizations processing data of 35K+ Maryland consumersData-selling businesses targeting 10K+ Maryland consumers

Penalty Information

⚠Civil penalties up to $10,000 for first violation, $25,000 for subsequent violations. 60-day cure period. Enforced by Maryland Attorney General.

days remaining

April 1, 2026

Share:X in @

Framework

State Privacy

US State Privacy Laws

Related State Privacy Deadlines

Indiana Consumer Data Protection Act Takes Effect
January 1, 2026
Kentucky Consumer Data Protection Act Takes Effect
January 1, 2026
Rhode Island Data Privacy Protection Act Takes Effect
January 1, 2026
Oregon Consumer Privacy Act - Enhanced Enforcement
January 1, 2026

Maryland Online Data Privacy Act - Enforcement Begins