The proposed bill aims to enhance consumer protections regarding the handling of biological and neural data by health and fitness applications. It prohibits covered entities from disclosing, transferring, or using a consumer's biological or neural data without the consumer's express consent, with specific exceptions outlined in the bill. The definitions of key terms such as "biological data," "neural data," and "express consent" are provided to clarify the scope of the legislation. Additionally, the bill grants the Office of the Attorney General exclusive authority to enforce these provisions, allowing for civil penalties of up to $3,000 per violation if a covered entity fails to comply after being notified of a violation.

Certain exceptions to the prohibitions are included, such as disclosures required by law enforcement, compliance with legal orders, and uses of de-identified data. The bill also allows for the collection and use of biological or neural data for noncommercial purposes by educational institutions and outlines various scenarios where data handling is permissible, such as fulfilling consumer requests or addressing security incidents. The act is set to take effect on October 1, 2026.