PrivacyWorld is pleased to report that the first part of a two-part article comparing Kentucky, Maryland and Nebraska’s new consumer privacy laws was published by OneTrust Data Guidance. These three state privacy laws were the 3rd, 4th and 5th laws enacted in 2024, following the new consumer privacy laws in New Hampshire and New Jersey enacted in January.

So far this year, Maryland’s Online Data Privacy Act of 2024 (MODPA) is the most different from the other progeny of the landmark California Consumer Privacy Act. MODPA has a broader scope (no entity level exemption for covered entities and business associates under HIPAA and a limited exemption for non-profit organizations), prohibits sale or processing of personal data for targeted advertising for consumers under age 18, offers an additional consumer transparency right related to disclosures of personal data to third parties and follows a stricter approach to sensitive data processing and role-based processing requirements, among other differences.

The Nebraska law also is notable because it does not have a minimum personal data processing or monetary threshold. (The Texas Data Privacy and Security Act is the only other state consumer privacy law that does not have a minimum processing or monetary threshold.)

The two-part article was authored by Squire Patton Boggs’ own Alan Friel, Julia Jacobson and Sasha Kiosse. Thank you to OneTrust Data Guidance.

Disclaimer: The views and opinions expressed here are of the author(s) alone and do not necessarily reflect the opinion or position of Squire Patton Boggs or its clients. While every effort has been made to ensure that the information contained in this article is accurate, neither its author(s) nor Squire Patton Boggs accept responsibility for any errors or omissions. The content of this article is for general information only and is not intended to constitute or be relied upon as legal advice.