The Internet Privacy and Safety Act introduces comprehensive regulations for online service providers regarding consumer data management. It requires these entities to set default privacy settings to the highest level, provide clear privacy information, and implement strong data security measures. The Act includes specific protections for minors, such as disabling contact from unknown users and limiting notifications during certain hours. It also prohibits practices like default consumer profiling, unnecessary processing of personal data, and the use of deceptive user interfaces to manipulate consumer choices.

Additionally, the Act enhances consumer rights by mandating explicit consent for processing personal data related to targeted advertising and data brokerage. Consumers are granted the rights to access, correct, and delete their personal data, with covered entities required to respond to requests within thirty days. The legislation establishes data processing agreements to ensure compliance, prohibits retaliation against consumers exercising their rights, and outlines penalties for violations. It also includes exceptions for federal law compliance and assigns responsibilities to the state department of justice for rulemaking and reporting on the Act's implementation.