Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Maryland enacts child consumer protection laws

Privacy, Cyber Risk & Data Security State Issues Maryland Consumer Protection State Legislation

Privacy, Cyber Risk & Data Security

On May 9, the Governor of Maryland approved SB 571 (the “Act) to provide consumer online protections for children. The Act will afford protections from online products aimed at children or that are likely accessed by children. Specifically, the Act will require companies that provide online products “reasonably likely to be access[ed] by children” to prepare a data protection impact assessment (DPIA) for the online product. The DPIA will identify the purpose of the online product, how the product uses children’s data, determine if the product would be in children’s best interests, and include a description of the compliance steps the company will have taken to comply with the duty to act in a manner consistent with the best interests of children, among other requirements. The Act outlined several violations, including against processing data not in children’s best interests, profiling children, processing geolocation, using of dark patterns, or monitoring of children’s activities without first notifying the parent/guardian. The Act will go into effect on October 1.