Maryland Online Data Privacy Act of 2024 (MD ODPA)
Comprehensive consumer-privacy statute built around a strict data-minimization model — one of the most protective in the US. Bans sale of sensitive personal data, bars targeted advertising to known minors under 18, and limits data collection to what is reasonably necessary to deliver the product or service.
Key Provisions
What MD ODPA requires
Data minimization: collection limited to what is reasonably necessary for the specific requested product or service
Ban on the sale of sensitive personal data (including data of known minors)
Prohibits targeted advertising to consumers known to be under 18
Bars processing children's data beyond what is necessary to provide the service
Restrictions on third-party tracking and data-broker sharing
Enforcement by the Maryland AG
Rule Categories Covered
Phosra enforcement categories for MD ODPA
Data Minimization
privacyEnforces collection only of the minor data strictly necessary for the requested feature; rejects schema overreach at ingest.
Commercial Data Ban
privacyBans the sale, license, or commercial transfer of minor user data to third parties under all circumstances.
Targeted Ad Block
advertisingBlocks behavioral advertising, ad profiling, and retargeting for minor users across connected platforms.
Third-Party Tracker Block
privacyBlocks third-party tracking pixels, fingerprinting scripts, and cross-site cookies on minor sessions.
Platforms Affected
Platforms covered by MD ODPA
MCP Enforcement
Enforce MD ODPA with a single API call
// Enforce MD ODPA compliance
tool: trigger_child_enforcement
input: {
child_id: "ch_emma_01",
law: "MD_ODPA",
rules: [
"data_minimization_enforce",
"commercial_data_ban",
"targeted_ad_block",
"third_party_tracker_block"]
}
→ all enforcement applied ✓
Start building MD ODPA-compliant features today
Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.