Skip to content
Use promo code: 04SxyxNX at checkout for 20% Off 🎉 with Optery’s Fall Sale! 🍁
Optery logo
Sign Up Free
Home / Optery Blog

New Privacy Laws in Maryland with Authorized Agent Provisions

Feature image
By
Share:
FacebookXRedditLinkedInEmail

Maryland has become the latest state to enact a comprehensive privacy law. Signed in May 2024, the Maryland Online Data Privacy Act (MODPA) took effect October 1, 2025, with enforcement beginning April 1, 2026 under the Maryland Attorney General’s Consumer Protection Division.

Maryland is the sixteenth state with a comprehensive privacy law to take effect, following California, Virginia, Colorado, Connecticut, Utah, Iowa, Texas, Oregon, Montana, Delaware, Nebraska, New Hampshire, New Jersey, Tennessee, and Minnesota.

Optery’s data removal requests are fully customized to leverage the rights granted by these laws. If you live in one of the above-listed states, you can put these privacy laws to work for you immediately, with Optery acting as your authorized agent. Depending on the state, we submit “Delete My Data” and/or “Do Not Sell” requests on your behalf. 

Scope and Requirements of the Maryland Law

MODPA applies to companies that (1) do business in Maryland or target Maryland residents, and (2) in the prior year processed 35,000+ consumers’ data, or 10,000+ if >20% of revenue comes from selling personal data. 

Personal data includes any information linked or reasonably linkable to an individual. Sensitive data (e.g., health, biometrics, precise location, children’s data) receives stronger protection, including no sale of sensitive data and opt-in consent in many cases. MODPA also adds protections for teens ages 13–17 related to ads, profiling, and data sale. 

Controllers must minimize data collection to what’s reasonably necessary, provide clear privacy notices, conduct data protection assessments for higher-risk activities (targeted advertising, sale of personal data, sensitive-data processing, and certain profiling), and offer simple ways for consumers to exercise their rights.

Consumer Rights

Marylanders can access, correct, delete, and export their data and opt out of targeted advertising, sale of personal data, and certain profiling. Consumers may designate an authorized agent to submit opt-outs. Companies cannot discriminate against consumers for exercising these rights and must respond within 45 days with an appeals process (decision within 60 days).

Implications for Businesses

Organizations serving Maryland residents should review data collection/retention, map data flows, update privacy notices and consent, implement universal opt-out signal recognition, prepare to honor rights requests and appeals on time, and perform required data protection assessments. 

Although enforcement starts in 2026, compliance is expected by the Oct 2025 effective date. (Note: the AG has a discretionary 60-day cure and penalties can reach $10k per violation / $25k for repeats; a cure provision sunsets in 2027.)

Indiana, Kentucky, and Rhode Island are the next states with privacy laws set to take effect on January 1, 2026.

If your state is not among those above, we encourage you to tell your representatives you want a comprehensive data privacy law passed in your state as soon as possible.

Similar Posts

Ready to Remove Your Info from the Internet?

Free Tools + Paid Plans starting at $3.99/mo. 1,355+ Sites covered (Automated + Custom Removals). 30-Day Money Back Guarantee!

Get Free Scan

Ready to safeguard your personal data?

Join the movement of people strengthening their privacy
Sign Up Free