The Maryland Online Data Privacy Act (“MODPA”) establishes operational privacy compliance requirements governing how organizations collect, use, disclose, manage, and operationalize personal data involving Maryland residents.
The law introduces obligations involving consumer rights, sensitive data governance, data minimization standards, targeted advertising controls, vendor oversight, and operational privacy governance. The MODPA became effective October 1, 2025.
Operational Focus Areas.
Organizations evaluating Maryland privacy compliance obligations should pay particular attention to:
Consumer rights and request workflows,
Heightened sensitive data restrictions,
Strict data minimization and necessity requirements,
Targeted advertising and profiling obligations,
Minors’ privacy obligations,
Operational controls surrounding consent and data collection practices,
Vendor and processor oversight,
Privacy notice alignment, and
Operational documentation practices.
Organizations Commonly Use These Resources To:
Evaluate operational privacy obligations,
Operationalize consumer rights workflows,
Strengthen sensitive data governance,
Coordinate privacy and vendor oversight activities,
Support audit-readiness efforts, and
Maintain defensible compliance operations.
CLIClaw’s operational compliance resources are designed to support operational compliance implementation and governance planning. Organizations should evaluate their specific business practices, technologies, data environments, and operational risks when implementing privacy compliance programs.
