Maryland General Assembly Passes Maryland Online Data Privacy Act 

The Maryland Online Data Privacy Act passed the Maryland General Assembly today and now awaits the Governor Wes Moore’s signature. The passage of this bill marks a significant shift in state privacy law landscape toward laws that meaningfully limit personal data collection and abuse. 

EPIC testified in support of the bill in both the House and Senate earlier this spring.

Last year, EPIC crafted the State Data Privacy and Protection Act, modeled on American Data Privacy and Protection Act (“ADPPA”), to give state legislators the opportunity to use the bipartisan consensus language from ADPPA to strengthen state bills. The Maryland Online Data Privacy Act includes key data minimization principles and strong civil rights protections from that model. The Act’s data minimization requirements include limiting the collection of personal data to what is reasonably necessary for the product or service requested by a consumer, prohibits the sale of sensitive personal data, bans targeted advertising to kids and teens, and prohibits the processing of personal data in ways that discriminate.  

EPIC recently released The State of Privacy: How State “Privacy” Laws Fail to Protect Privacy and What They Can Do Better, which found that nearly half of the 14 states that have passed so-called comprehensive privacy laws received a failing grade, and none received an A. Maryland’s bill breaks the trend of states passing weak, industry-backed laws and instead provides Marylanders with some of the strongest privacy protections in the country.