In an article published by Corporate Compliance Insights on November 18, 2025, Gia Grimm and Karan Manohar discuss the Maryland Online Data Privacy Act (MODPA), which is effective as of October 1, 2025, and enforceable beginning April 1, 2026.
MODPA is a comprehensive state privacy law that regulates how businesses collect, process, use and share personal data of Maryland residents. Gia and Karan write that businesses that engage in e-commerce and retailers that collect names, addresses and payment information will need to comply with MODPA, as will subscription services businesses such as streaming platforms that keep consumer login, billing or preference details.
Gia and Karan add that under MODPA, personal data refers to any information that can be “linked or reasonably linked to an identified or identifiable consumer.” Examples of personal data include information relating to an individual’s address, email information or cookie ID.
They go on to explain that the act establishes affirmative rights for consumers, who now have the right to correct inaccuracies within their personal data and can opt out of having their personal data processed and used for targeted advertising.
With failures to comply resulting in fines of up to $10,000 per violation and $25,000 for repeated violations, it’s critical that businesses prepare for the act now, Gia and Karna said. Businesses should first determine if they are governed by MODPA, and if so, establish an implementation plan to comply with MODPA’s requirements before enforcement begins April 1, 2026.
Read the full article “What You Need to Know About Maryland’s New Data Privacy Law.” (PDF)
