Extract from Cassandre Coyer’s article “Maryland Signs Data Privacy Act Into Law—And Bucks Several Privacy Trends”
On May 9, Maryland Gov. Wes Moore signed the Maryland Online Data Privacy Act of 2024 (MODPA) into law, marking the 17th comprehensive data privacy law enacted in the U.S. and the fifth just this year.
Most state privacy laws have crafted bills as refinements of existing frameworks, tweaking language here, adding nuances there—but privacy experts say Maryland is notable in its approach.
MODPA’s more stringent take on data minimization and sensitive data protections comes on the heels of the recently proposed American Privacy Rights Act, and as some states are continuing to craft bills with the hope that it could escape a looming preemption capacity.
“As fast as we’ve already seen them being enacted, we’re not at the end. … We’re almost certain to see additional states enact laws later this year, whether or not that’s Pennsylvania, Wisconsin, many other states have introduced various versions of their own privacy legislation,” said Kim Phan, privacy, data security and regulatory compliance partner at Troutman Pepper Hamilton Sanders.
Scope: Is It a ‘Game Changer’?
MOPDA targets organizations that conduct business in the state or provide goods and services targeted to Maryland residents and that, in the last year, have controlled or processed the personal data of at least 35,000 consumers or of at least 10,000 consumers while deriving more than 20% of their gross revenue from the sale of such data.
