Scantra
SEO & Compliance Monitor

Maryland Website Compliance Requirements

Risk rating: high risk

Maryland's MODPA is the most consumer-protective state privacy law in effect — it includes strict data minimization, prohibition on sale of sensitive data, and special protections for minors.

Last reviewed 2026-06-19 · Risk rating rationale: Data minimization standard (only collect what's 'reasonably necessary') is more demanding than other state laws. 35,000-resident threshold catches many SMBs.

Find out in 10 seconds whether your site meets Maryland's requirements

Scantra runs a free, no-account, 9-check audit of your homepage covering privacy policy, contact info, CCPA-style opt-out, security headers, accessibility, and SEO basics. Most Maryland sites we scan fail at least three.


No credit card · Email required so we can send you the full results.

Key Maryland laws affecting websites

The statutes most likely to apply to a commercial website serving Maryland residents.

MODPA

Maryland Online Data Privacy Act · Effective 2025

Applies to: Entities that conduct business in Maryland or provide products/services targeted to Maryland residents AND control or process data of 35,000+ Maryland consumers (or 10,000+ with 20%+ revenue from data sale).

What your website must do

  • Privacy notice with rights enumeration
  • Data minimization: collect ONLY personal data that is reasonably necessary and proportionate to the disclosed purpose
  • Absolute prohibition on SALE of sensitive data
  • Opt-in consent required even for processing of sensitive data
  • Special protections for minors under 18 (no targeted ads, no sale, no profiling)
  • Honour Global Privacy Control

Citation: Md. Code Ann., Com. Law § 14-4601 et seq.

Maryland compliance by topic

Consumer data protection

State-specific rule applies

What your site has to disclose, ask consent for, and allow consumers to do with their personal information.

MODPA's data minimization standard requires a real review of what data you're collecting and why — passive 'collect everything you can' practices fail under MODPA.

Practical requirements for your website

  • Audit all data collection points and document the necessity of each field
  • Privacy notice with rights enumeration and data minimization commitment
  • Honour GPC

Cookies and tracking

Federal law applies

When you need consent, opt-outs, or universal-signal honor for cookies and analytics scripts.

There is no cookie banner mandate, but tracking cookies that collect sensitive data trigger MODPA's opt-in consent requirement.

Practical requirements for your website

  • Honour GPC
  • Privacy choices link in footer

Accessibility (ADA + state)

Federal law applies

WCAG conformance expectations and how the state's accessibility cases tend to be litigated.

Federal ADA Title III applies.

Practical requirements for your website

  • WCAG 2.1 AA conformance

Cybersecurity and breach response

Federal law applies

What 'reasonable security' looks like under state law and how fast you have to notify after a breach.

Federal FTC Act applies.

Practical requirements for your website

  • Material connection disclosures

Email and SMS marketing

Federal law applies

How federal CAN-SPAM and TCPA interact with state-level marketing rules in this jurisdiction.

Federal CAN-SPAM applies.

Practical requirements for your website

  • Standard CAN-SPAM compliance

AI regulation

Federal law applies

Which AI uses the state has chosen to regulate, who's covered, and what the website has to disclose.

MODPA covers profiling for significant decisions. Special restrictions on profiling of minors.

Practical requirements for your website

  • Profiling opt-out for significant decisions

Frequently asked questions about Maryland website compliance

What does 'reasonably necessary and proportionate' actually mean under MODPA?
It means you can't collect data 'just in case it's useful later.' Every field on a form must be tied to a documented purpose, and the data must actually be needed to achieve that purpose. A typical failure: asking for date of birth on a newsletter signup when you don't actually do age-targeted content.

Ready to check your own site against Maryland's requirements?

The same free 9-rule scan, no signup needed. Two of the findings include drafted fixes you can copy/paste; full results (and ongoing monitoring) come with a free account.



Important: Scantra is a software tool and a non-profit publisher, not a law firm. The summaries on this page are written for general business orientation and reflect the editors' reading of the statutes as of 2026-06-19. They are not legal advice and should not be the only source you rely on for compliance decisions. For your specific situation, consult a licensed attorney in Maryland.