On May 9th, 2024, Maryland’s Governor Wes Moore signed a significant new law into effect: the Maryland Online Data Privacy Act (MODPA) of 2024. This law is all about making sure businesses, whether they’re in Maryland or just serving Maryland residents, handle your personal information with care. They need to keep it safe from prying eyes and potential misuse, so your data doesn’t end up in the wrong hands.

Related: The Ethical Implications of ChatGPT: Addressing Bias and Privacy Concerns.

How Does MODPA Work?

MODPA serves as a set of ground rules for businesses to protect your personal info. They need to have solid security measures in place to keep your data safe from hackers and unauthorized access. Simply put, they have to make sure your information doesn’t get lost, stolen, or misused.

When Does This Law Kick In?

MODPA goes live on October 1, 2025, but it won’t cover any personal data handling that happened before April 1, 2026. The time frame will be important so that businesses have some time to get their systems in order and comply with these new rules.

What Does MODPA Cover?

This law gives you more control over your personal data and how it’s used online. It lets you opt-out of having your data used for targeted ads, sold, or even profiled in some cases. With MODPA, you get to decide who gets to use your info and for what purpose, which helps prevent your data from being sold to scammers or ending up on those annoying robocall lists.

Who Needs to Follow MODPA?

MODPA applies to any business that operates in Maryland or offers services to Maryland residents. If they handle the personal data of at least 35,000 people, or 10,000 people if more than 20% of their revenue comes from selling personal data, they need to follow these rules. This law doesn’t apply to individual employees or businesses with a few exceptions.

What Do Businesses Need to Do?

To comply with MODPA, businesses have to follow several key steps:

  • Collect Only What’s Necessary: Businesses should only gather the personal data needed to provide the service or product you requested.
  • No Selling Sensitive Data: They can’t sell sensitive information like your race, health data, or exact location.
  • Regular Data Checks: They need to regularly assess how they handle data to prevent any potential harm to consumers.
  • Protect Minors: If a business knows a consumer is under 18, they can’t sell their data for targeted advertising.
  • Clear Privacy Notices: They must provide clear and accessible privacy notices to you.
  • No Discrimination: They can’t use your data in a way that leads to discrimination or denies you access to goods or services.

What Rights Do Consumers Have?

Under MODPA, your consumers have several rights, including the ability to:

  • Find out if your data is being used.
  • Correct any inaccurate data.
  • Delete your data if you wish.
  • Get a copy of your data.
  • Know which third parties have access to your data.
  • Opt-out of certain data processing activities.

Businesses must respond to requests within 45 days and can get an extension if needed.

How Is MODPA Enforced?

Maryland’s Division of Consumer Protection will oversee enforcement. If a business isn’t following the rules, they’ll get a notice and have at least 60 days to fix the problem.

How Does This Affect My Advertising?

As a business owner understanding MODPA is crucial to avoid any compliance issues. While these rules might seem like a hassle at first, there are still plenty of ways to reach your customers effectively while respecting their privacy. Balancing great marketing with data protection is not just possible, but essential for future success. Talk to us today to learn more about how you can keep connecting with your customers while keeping their data safe.