Maryland Looks to Narrow Data Broker Registry Legislation
Maryland lawmakers will narrow definitions in a data broker tax proposal so the bill targets hundreds, not thousands, of businesses, Sen. Katie Hester (D) said Wednesday (see 2502250042).
Sign up for a free preview to unlock the rest of this article
Hester told the Senate Budget and Taxation Committee that California tracks about 500 registered entities under its data broker registration law, SB-362. Hester was advised that the Maryland proposal (SB-904/HB-1089) could apply to some 10,000 registered entities and sponsors want to tailor language so the registry is more manageable.
Several industry representatives testifying in opposition said the bill would essentially apply to every company doing business in the state. MDDC Press Association Executive Director Rebecca Snyder said members of her newspaper association would be swept in.
Hester said the bill’s 6% tax on gross income for registered entities could generate more than $340 million annually for Maryland. About $2.5 million would be used annually to maintain a privacy enforcement unit with the attorney general’s office. This would bolster investigation resources for the new law as well as Maryland’s Online Data Privacy Act and the state’s Kids Code.
Attorney General Anthony Brown (D), who previously testified on the House version of the bill, said Maryland has one attorney currently devoted to privacy enforcement. He noted there are six attorneys and three staffers in Connecticut’s privacy enforcement unit, three attorneys and two staffers in Oregon and two attorneys and two staffers in Delaware. “I need lawyers trained in this area,” he said.
Caitriona Fitzgerald, deputy director for the Electronic Privacy Information Center (EPIC), testified in favor. She offered the same recommendation she gave House sponsors: Maryland should include a data deletion mechanism like the one created in California.
The Maryland Retailers Alliance testified against the measure, saying the bill as drafted will apply to just about every entity that collects data in the state. President Cailey Locklair recommended Hester tailor the legislation to target businesses selling consumer data without having a direct relationship with consumers.
Hester said in her opening remarks that the plan is to amend the bill to focus on large data brokers who don’t have a direct relationship with consumers. That will hopefully resolve some of the opposition from smaller companies in the state, she said.
TechNet and the Computer & Communications Industry Association both testified against SB-904. CCIA State Policy Director Megan Stokes said the bill will have an impact on CCIA members, and she looks forward to seeing the definitions narrowed. Margaret Durkin, TechNet executive director for the Mid-Atlantic, said the bill as written introduces definitions that will conflict with exemptions from Maryland’s comprehensive privacy law, which takes effect Oct. 1.
Hester noted Vermont joined California in passing a data broker registration law, and Washington is considering a tax on data broker profits. But Durkin noted sponsors of the Washington proposal (HB-1887) have put the bill on hold for 2025 (see 2502210027).