Phoebe Normandia
Don't Sell My Data intern
The Maryland privacy law gives you some control over how businesses collect and use your personal data. Here's how to take advantage.
Don't Sell My Data intern
Director, Don't Sell My Data Campaign, U.S. PIRG Education Fund
The new Maryland privacy law – called the Maryland Online Data Privacy Act – passed in May 2024. Most of the law goes into effect October 1, 2025. A second part – the global opt-out mechanism – goes into effect April 2026.
The Maryland Online Data Privacy Act is a consumer privacy law that puts meaningful limits on what data companies can collect about you and what they can do with it. Unlike in many other states, companies can only collect what data is actually necessary to deliver a service you’re expecting to get. No more fast food loyalty apps to collecting your location 24/7 or your VR game app collecting your social security number. Even more importantly, the law bans companies from selling sensitive data, like information about your health or religious beliefs, to anyone.
This means the burden is not completely on you to protect your information.
Report ●
In addition to putting good upfront rules on what data companies can collect in the first place, the Maryland privacy law also grants you some basic rights regarding your personal information:
Starting in April 2026, Maryland residents will gain another important protection: the ability to more easily opt-out of data collection and sales. You will be able to automatically tell websites you don’t want them to collect new personal data from you by downloading a tool called a universal opt-out mechanism.
A universal opt-out mechanism is a piece of technology that helps you automatically opt-out of data collection online. Once you’ve downloaded the tool, the mechanism will broadcast to every site you visit that you don’t want your data collected or sold. That way you don’t have to individually contact every website you visit to opt out.
You will, however, need to do a bit of work to get the tool working.
The Global Privacy Control is currently the most widely recognized version of universal opt-out mechanism. There are a number of tools available that incorporate the Global Privacy Control (GPC).
Find your web browser below for our recommendations of tools that include GPC signals.
To automatically opt-out of data collection on websites while using your Chrome browser, you need to download a special browser extension. You have a couple of options.
To automatically opt-out of data collection on websites in Safari, you need to download a special browser extension. Apple currently doesn’t allow our favorite tool – Privacy Badger – in Safari, but there is another option you can use.
To automatically opt-out of data collection on websites in Edge you’ll need to download a special browser extension. You have a couple of options:
Firefox is the only major browser that has a GPC signal built into it automatically, so you don’t have to download any special tools. But you do have to go turn it on.
The Global Privacy Control isn’t perfect – but it’s worth going ahead and downloading a universal opt-out mechanism now, even before companies are required to listen to opt-out signals in 2026.
To exercise your other core rights – accessing, correcting or deleting the data a company has already collected on you – you must submit a request directly to each business. Companies must tell you how to send a request in their privacy policy.
Read: How to read a privacy policy
When looking at a privacy policy, search for a section titled “Your Privacy Rights,” “Your Rights and Choices,” or something similar. Use ctrl+f for the term “privacy”, “rights”, or “opt” to find this information more quickly. In this section, the business should give you instructions for how to access, correct, or delete your personal data. It will typically be a web form or an email address you need to send a request to.
If you run into problems during this process — like an invalid email address, or a web form where Maryland isn’t available in a dropdown menu — make sure to log a consumer complaint with the AG’s office. That way the AG knows which companies need a talking to.
There are lots of companies that likely have your data. The worst actors are shadowy companies called data brokers that specialize in collecting, buying, combining, and reselling data that it bundles into profiles about you. They get data from all kinds of places and sell it to practically whomever is looking to buy. They’re terrible for your personal security.
We recommend starting with some of the biggest data brokers below. You can submit an access request if you want to see what data they have on you, or jump straight to deleting your data and opting out of future data collection.
Maryland’s privacy law is pretty good – second only to California nationwide. It’s great that it moves more responsibility for data collection and use on companies automatically, so your information being protected isn’t dependent on you spending a lot of time exercising your rights.
There are things it could do better. For example, it’d be stronger and better for your privacy and security if the law banned companies from selling any of your information, and not just your sensitive data like about your health. It’d also be better if enforcement of the law didn’t reside solely with the Attorney General and instead allowed consumers to take companies to court for violating their privacy rights directly.
Still, Maryland residents are now some of the best protected in the nation. Other states should take the cue.
If you want to ensure that your data is as protected as possible, there are other steps you can take besides relying on your Maryland data rights. We’ve got simple ways you can boost your data security here.
See below for even more tips to put you more in control of your information online.
Mastercard sells transaction data -- like where cardholders shop, when and how much they spend -- to third parties.
Sign the petition
How to request and download your Facebook data
Don't Sell My Data intern
R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.
Report ●