top of page
Search

Government Relations Update · June 2026

  • Writer: AAF Baltimore
    AAF Baltimore
  • 3 days ago
  • 2 min read

 MODPA Is No Longer Coming. It's Here. 


 We have written about Maryland's Online Data Privacy Act before. We covered what it requires, who it applies to, and why Baltimore agencies needed to start paying attention. That was the warning track. 


This is the wall. 


As of April 1, 2026, MODPA entered active enforcement. The Maryland Attorney General now has full authority to pursue violations under the Consumer Protection Act, with penalties reaching $10,000 per violation and $25,000 for repeat violations. This is no longer a law you are preparing for. It is a law you are operating under. 


So the question has shifted. It is no longer "what does MODPA require?" It is "are we actually doing it?" 


The Standard That Caught Agencies Off Guard 


 The provision generating the most concern among practitioners is the "should have known" standard for minors. Under the previous framework, liability required proof that you knowingly targeted someone under 18. MODPA replaced that with a broader threshold. If your campaign runs on a platform or targets an audience where minors are reasonably expected to be present, you can be held liable even without proof you knew. 


That one change puts entire campaign categories in a different risk bucket. Gaming. Back-to-school. Social media. If your standard operating procedure has not accounted for this, it needs to. 


 Opt-Outs and Assessments Are Not Optional 


Two other enforcement-ready obligations are worth flagging. First, universal opt-out signals must be honored for targeted advertising, data sales, and profiling. If your consent flows have not been updated to reflect this, they are out of compliance today, not eventually. 

Second, data protection assessments are now required for high-risk processing activities. Targeted advertising is explicitly on that list. This is not something you can schedule for the next planning cycle. 


A Note on the Digital Ad Tax 


Separate from MODPA but worth mentioning in the same breath: updated Comptroller guidance effective January 1, 2026 tightened record-keeping requirements and clarified billing disclosure rules for the Digital Advertising Gross Revenues Tax. If your agency invoices clients for digital ad services from large platforms, your billing templates deserve a second look. 


What Is at Stake 


The Maryland Attorney General enforces MODPA under the Consumer Protection Act. Penalties reach $10,000 per violation and $25,000 for repeat violations. For agencies managing multiple campaigns across multiple clients, those numbers can add up quickly if data flows are not properly documented and consent mechanisms are not in place. 



What to Do Now 


Three practical starting points: 

  • Review your consent flows. Universal opt-out compliance is the most immediate gap for many agencies. 

  • Audit your youth-adjacent campaigns. The "should have known" standard requires a fresh look at any campaign targeting platforms where minors are reasonably expected to be present. 

  • Check your billing templates. 


Maryland's regulatory environment is moving fast, and our GR Committee is tracking it so you do not have to start from scratch. If you want to stay current on the policy developments affecting Baltimore's advertising community, follow along here and keep an eye on what we are publishing. 


Questions about how MODPA affects your agency specifically? Reach out at advocacy@baltimoreadvertising.org. We are here to help our community navigate this. 


Submitted by Ronaldo J. Sellers, Government Relations Chair, AAF Baltimore

 
 

Recent Posts

See All
Government Relations Update · MARCH 2026

Back in January, we published a primer on MODPA, the digital ad tax, and Baltimore City's sharper consumer protection posture. The big message was simple: these aren't abstract policy conversations an

 
 
bottom of page