Maryland Online Data Privacy Act - ADM and profiling provisions
In effect since
Overview
Maryland's privacy law requires controllers to handle profiling and automated decision-making with stronger consumer protections, including documented risk assessments and opt-out rights.
This is a privacy law with automated decision-making provisions.
Who this applies to
This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.
AI categories covered
- Consumer-facing AI
- Automated decision-making
- Algorithmic profiling
Specific AI use cases:
- Customer profiling and segmentation
- Credit scoring and risk assessment
What this requires you to do
Consumer opt-out required
Provide an opt-out mechanism. Consumers must be able to opt out of automated decision-making.
Profiling disclosure required
Disclose profiling activities. Inform consumers when you use their data for profiling purposes.
ADM impact assessment required
Conduct an ADM impact assessment. Evaluate how your automated decision-making affects consumers.
Enforcement and penalties
Enforced by the Maryland Attorney General under state consumer protection authority. Civil penalties and injunctive relief apply for non-compliance.
Source
Read the full text
https://mgaleg.maryland.gov/2024RS/Chapters_noln/CH_455_sb0541e.pdf
Always verify current language and amendments at the official source.
Other Maryland regulations
Explore more rules in the same jurisdiction that may apply to your AI systems.
Want to know what else applies to your company?
Run a free XIRA scan to see all regulations that match your states and AI tools.