STATEMENT: Maryland enacts one of the strongest data privacy laws in nation

Media Contacts

R.J. Cross

Director, Don't Sell My Data Campaign, U.S. PIRG Education Fund

Gov. Moore signs the Maryland Online Data Privacy Act into law alongside sponsors Del. Sara Love and Sen. Dawn Gile, consumer rights groups, and representatives from the Office of the Attorney General.

BALTIMORE – Gov. Wes Moore signed the Maryland Online Data Privacy Act on Thursday, one of the strongest comprehensive consumer privacy laws in the nation, second only to California. Sponsored by state Sen. Dawn Gile and Del. Sara Love, the law goes into effect on October 1, 2025 and limits companies’ data collection, giving consumers meaningful online privacy and security protections.  

Tech lobbyists tried to weaken Maryland’s bill but, unlike in many other states where lobbyists successfully weakened legislation, these efforts largely failed. A scorecard report from Maryland PIRG Foundation and the Electronic Privacy Information Center (EPIC) released earlier this year found that nearly half of state laws passed as of February 1st, 2024 received “F” grades for protecting consumers’ data. 

In response, R.J. Cross, PIRG’s Don’t Sell My Data campaign director, issued the following statement:

“This is a huge victory for consumers. Tech lobbyists have successfully weakened legislation in states across the country, but not in Maryland. We applaud Governor Moore and state lawmakers for standing up to industry pressure and bucking the trend.

“The Maryland Online Data Privacy Act puts common sense limits on what information companies can collect about you and what they can do with it. It makes it less likely your information will end up with identity thieves and scammers. 

“Today, Maryland has proven that states can lead the way when it comes to regulating rapidly changing technology. As Congress considers its own federal privacy bill that blocks states from passing their own legislation, it should keep Maryland’s success in mind.”