Maryland’s Online Data Privacy Act is now in effect, putting hard constraints on collecting and retaining personal data. For AI and analytics teams, that shifts the default posture toward smaller real-data footprints—and more synthetic data for development, testing, and model iteration.
Maryland’s MODPA takes effect, tightening data collection limits—and reshaping AI data pipelines
Maryland’s Online Data Privacy Act (MODPA) took effect in October 2025, requiring “substantive data minimization” that restricts collection to what is necessary. The law signals a move away from notice-based privacy approaches toward stricter limits on what organizations can collect and use in the first place.
For teams building or operating AI systems, that translates into immediate pipeline pressure: less latitude to hoard raw customer or user data “just in case,” and more scrutiny on whether each feature, log stream, or training dataset is demonstrably needed. The SDN brief frames synthetic data as a practical counterweight—supporting model training and testing when real-world data access becomes narrower under minimization rules.
- Synthetic becomes a compliance lever: If collection is constrained to necessity, synthetic datasets can help preserve iteration speed for training/test cycles without expanding exposure to personal data.
- Minimization changes engineering defaults: Expect more pressure to justify every field collected, shorten retention, and build “privacy by design” into feature stores, telemetry, and offline training workflows.
- Multi-state compliance favors standardization: With “over 19 states” adopting their own minimization laws (per the source), organizations will look for repeatable patterns—like a single synthetic generation pipeline—to reduce legal and audit overhead.
- Risk management amid evolving enforcement: As enforcement mechanisms develop, teams that can show reduced reliance on real personal data may have a more defensible posture for analytics and ML use cases.