Maryland residents now have some of the most powerful data privacy protections in the nation. The Maryland Online Data Privacy Act (MODPA), signed into law in May 2024 and fully enforceable as of April 1, 2026, gives you the right to opt out of data sales, request deletion of your personal information, and benefit from an outright ban on the sale of sensitive data. Here is how to use these rights to remove your information from data brokers operating in Maryland.
What the Maryland Online Data Privacy Act Covers
MODPA applies to businesses that operate in Maryland or target Maryland residents and meet one of two thresholds: they control or process the personal data of at least 35,000 Maryland consumers in a calendar year, or they control or process the data of at least 10,000 Maryland residents and derive more than 20% of their gross revenue from selling personal data. That second category captures most data brokers directly.
The law grants Maryland consumers several core rights:
- Right to access and correct — Confirm whether a business is processing your personal data, obtain a copy, and fix inaccuracies.
- Right to delete — Request that a business delete all personal data it collected from or about you.
- Right to data portability — Receive your data in a portable, machine-readable format.
- Right to opt out — Stop businesses from selling your personal data, using it for targeted advertising, or profiling you.
- Right to a third-party list — Obtain a list of the specific third parties a company has shared your personal data with. Maryland is one of the few states that grants this right, giving you a concrete list of where to send deletion requests.
For data broker removal, the right to opt out, right to delete, and right to a third-party list work together as a powerful combination. Once you submit a valid request, the business must comply within 30 days.
MODPA's Sensitive Data Sale Ban
Unlike most other state privacy laws, MODPA contains an outright prohibition on selling sensitive data. There is no consent workaround and no opt-out checkbox. Sensitive data including racial or ethnic origin, religious beliefs, health information, sexual orientation, transgender or nonbinary status, genetic data, biometric data, children's data, and precise geolocation cannot be sold under any circumstances. This is the first blanket ban of its kind in any U.S. state privacy law.
Step 1: Find Your Listings on Data Broker Sites
The first step is identifying which data brokers have your information. Search for your full name on the most common people search and data broker sites:
- Spokeo
- BeenVerified
- WhitePages
- TruePeopleSearch
- PeopleFinders
- FastPeopleSearch
- Radaris
- Intelius
- MyLife
- Nuwber
- USSearch
Also run a Google search for your full name in quotes along with your city, such as "John Smith" Baltimore MD. Record every site where your personal information appears, including addresses, phone numbers, relatives, and other details.
Step 2: Submit MODPA Opt-Out and Deletion Requests
For each data broker you identified, submit a formal opt-out and deletion request. Most brokers provide an online mechanism, typically found under "Privacy," "Your Privacy Rights," or "Do Not Sell My Info" in the website footer.
Here are the general steps for the most common brokers:
- Spokeo — Visit Spokeo's opt-out page, paste the URL of your profile, enter your email address, and confirm via the verification email they send.
- BeenVerified — Go to BeenVerified's opt-out page, search for your listing by name and state, select your profile, enter your email, and complete the CAPTCHA. Removal typically takes 24 hours.
- WhitePages — Visit the Whitepages suppression request page, find your listing, and verify your identity by phone to complete the removal.
- TruePeopleSearch — Find your listing, click the "Remove This Record" button, and confirm removal through email verification.
If a broker does not offer a clear online form, email their privacy contact directly. State that you are a Maryland resident exercising your rights under MODPA, request deletion of all personal data, request an opt-out from sales, targeted advertising, and profiling, request a list of all third parties they have shared your data with, and include identifying details such as your full name, date of birth, and current and previous addresses.
Sample MODPA Opt-Out Email
"I am a Maryland resident exercising my rights under the Maryland Online Data Privacy Act (MODPA). I request that you: (1) delete all personal data you hold about me, (2) opt me out of the sale of my personal data, targeted advertising, and profiling, and (3) provide me with a list of all third parties to which you have disclosed my personal data. My identifying information: [Name, DOB, current address, previous addresses, email]. Please confirm completion within 30 days as required by law."
Step 3: Use Universal Opt-Out Mechanisms
MODPA requires businesses to honor universal opt-out preference signals, such as the Global Privacy Control (GPC) browser signal. This means you can configure your browser to automatically send opt-out requests to every website you visit, and Maryland law requires businesses to honor those signals.
To enable GPC:
- Firefox — Install the Global Privacy Control extension or enable it in privacy settings.
- Brave — GPC is enabled by default in the Brave browser.
- Chrome/Edge — Install a GPC extension such as Privacy Badger or OptMeowt.
While GPC helps prevent future data sales, it does not remove information that brokers already have. You still need to submit individual deletion requests for existing listings.
Step 4: Address Maryland Public Records
Data brokers collect much of their information from publicly available records in Maryland:
- Property records — The Maryland Department of Assessments and Taxation publishes property ownership records including names, addresses, and property values.
- Voter registration — The Maryland State Board of Elections maintains voter rolls that include name, address, date of birth, and party affiliation.
- Court records — Maryland Judiciary Case Search provides online access to court case information.
- Vehicle records — The Maryland Motor Vehicle Administration holds driver and vehicle records.
Maryland's Address Confidentiality Program (Safe at Home) is available to victims of domestic violence, human trafficking, sexual assault, and stalking. Participants receive a substitute address for use on public records, which helps prevent data brokers from scraping their actual location.
Step 5: Appeal Denied Requests
If a data broker denies your opt-out or deletion request, MODPA gives you the right to appeal. The broker must provide instructions for filing an appeal along with their denial. If the appeal is also denied, you can file a complaint with the Maryland Attorney General's Consumer Protection Division.
The Attorney General can issue a notice of violation and allow a 60-day cure period before pursuing penalties. This cure period remains mandatory until April 1, 2027, after which it becomes discretionary. Civil penalties can reach $10,000 for a first violation and $25,000 for subsequent violations.
Data Brokers Will Re-List Your Information
Even after a successful opt-out, data brokers routinely re-scrape public records databases and rebuild your profile within weeks or months. A single new public record, such as a property transaction or voter registration update, can trigger an entirely new listing. Opt-outs are not permanent, and you will need to monitor and re-submit removal requests on an ongoing basis to keep your information off these sites.
Step 6: Strengthen Your Overall Privacy
Data broker opt-outs work best when combined with broader privacy practices:
- Freeze your credit — Contact Equifax, Experian, and TransUnion to prevent unauthorized credit inquiries.
- Lock down social media — Review privacy settings on Facebook, Instagram, LinkedIn, and other platforms to limit public visibility.
- Use email aliases — Services like Apple's Hide My Email or SimpleLogin prevent your real email address from being harvested by brokers.
- Minimize data sharing — Use a P.O. Box for mail, decline loyalty programs that track purchases, and avoid providing your phone number at checkout.
The Easier Way: Let PrivacyOn Handle It
Manually submitting opt-out requests to over 100 data broker sites, monitoring for re-listings, and re-submitting removals is a time-consuming process that never ends. PrivacyOn automates the entire process for Maryland residents. We submit MODPA-backed removal requests to more than 100 data broker sites, continuously scan for re-listings, and provide dark web monitoring to alert you if your personal data appears in breach databases.
With MODPA now fully enforceable, Maryland residents have strong legal backing for every removal request. PrivacyOn leverages these protections to ensure data brokers comply, so you can protect your privacy without spending hours on manual opt-outs. Plans start at just $8.33/month and cover up to 5 family members.
Take Control of Your Data
MODPA is one of the strongest state privacy laws in the country, with its sensitive data sale ban, third-party disclosure list requirement, and universal opt-out mandate. Whether you handle opt-outs yourself or use PrivacyOn to automate the process, the law gives you the tools to demand that data brokers stop profiting from your personal information. Start protecting your privacy today.