This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| less than a minute read

Maryland Enacts Minor Privacy Statute

Maryland's governor recently signed the Age Appropriate Design Code, known as the Kids Code. The statutory system imposes strict regulations on online service providers to protect children's online privacy. Providers with online products likely to be accessed by children must conduct a data protection impact assessment (DPIA), monitor guardians, and avoid harmful data collection practices.

Starting October 1, 2024, companies must adhere to these rules, with potential fines of up to $2,500 per child for negligent violations and $7,500 per child for intentional violations. Companies have until the following year to comply with the Online Data Privacy Act.

Maryland joins California with statutes aimed at protecting children's online activities. Maryland crafted to withstand free speech challenges brought against the California law, but legal challenges are inevitable. It will be interesting to see which challenges prevail and which other states join these two.

The Maryland Age Appropriate Design Code (HB 603/SB 571), or the Kids Code, requires online service providers to complete a data protection impact assessment (DPIA) if their products are “reasonably likely” to be accessed by children, implement monitoring practices for guardians, and prohibit certain data collection practices that might be harmful to children. Companies could face fines up to $2,500 per child for each negligent violation and $7,500 per child for each intentional violation. The Kids Code will go into effect on October 1, 2024, but companies will have an additional year to comply with the Online Data Privacy Act.


privacy laws, youth services law, ausburn_deborah, insights, data security and privacy