STATEMENT: Maryland passes one of the strongest privacy laws in nation

Media Contacts
Emily Scarr

State Director, Maryland PIRG; Director, Stop Toxic PFAS Campaign, PIRG


BALTIMORE – On Saturday, the Maryland General Assembly passed the Maryland Online Data Privacy Act of 2024 (HB 567/SB 541). Sponsored by State Sen. Dawn Gile and Delegate Sara Love, the bill goes into effect on October 1, 2025 and limits companies’ data collection, giving consumers meaningful data privacy and security protections.

Since 2018, 15 states have passed comprehensive consumer privacy laws. A scorecard report from Maryland PIRG Foundation and the Electronic Privacy Information Center (EPIC) released in February found that nearly half of current state laws receive “F” grades for how well they protect consumers’ data. The Maryland Online Data Privacy Act received a B- on the scorecard, and ranked as the second strongest law in the nation after California.

Lobbying by tech companies has shaped the passage of weak laws nationwide, and lobbyists have also tried to weaken Maryland’s efforts. A House lawmaker introduced an industry-friendly amendment that would gut the core provision of the bill – known as data minimization – but these attempts failed.

In response, Maryland PIRG’s Don’t Sell My Data campaign director R.J. Cross issued the following statement:

“The more of your data companies collect, the more risky it is for you. More companies holding onto your data means it’s more likely that identity thieves or scammers will steal your information in a breach or a hack. The Maryland Online Data Privacy Act puts common sense limits on what companies can collect and what they can do with it. This bill is a win for consumers, and we hope Gov. Moore will move quickly to sign it into law.

“Tech lobbyists have successfully gutted legislation in states across the country, but not in Maryland. Maryland lawmakers have bucked the trend by standing up to the tech industry in order to protect consumers.”