IAPP: Maryland adds new dimensions to US comprehensive state privacy law patchwork 

Privacy advocacy groups have long sought the inclusion of data minimization in state privacy statutes. However, states considering and passing legislation in recent years showed reluctance or little appetite to go through with minimization. 

“It’s a real game-changer for consumers because it takes the onus off them to protect their privacy and instead requires companies to look at their data collection practices and change them to better meet consumer expectations,” Electronic Privacy Information Center Deputy Director Caitriona Fitzgerald said. 

EPIC released a joint report with the U.S. Public Interest Research Groups Education Fund in February grading the strength of the 14 enacted state laws at the time of publication. Only three states received better than a “C” grade while six state laws were graded “F” based on an EPIC-generated criteria. 

“Most (state laws) are copycats of each other, but especially the ones recently passed,” Fitzgerald added. “It was really encouraging to see Maryland legislators say ‘No, this is not enough.’ It’s not enough to say companies can put whatever they want in privacy policies. Instead, they said companies need to look at the context of the interactions they’re having with the consumer and the collection necessary for that.” 

Read more here.