The Internet Privacy and Safety Act establishes comprehensive regulations for online service providers regarding consumer data management. It requires that covered entities set default privacy settings to the highest level, provide clear privacy information, and implement strong data security measures. The Act includes specific protections for minors, such as disabling contact from unknown users and limiting notifications during certain hours. It also prohibits practices like default consumer profiling, unnecessary processing of personal data, and the use of deceptive design patterns that manipulate consumer choices.

The proposed bill enhances consumer rights by mandating explicit consent for processing personal data related to targeted advertising and data brokerage. It grants consumers the right to access, correct, and delete their personal data, with covered entities required to respond to requests within thirty days. Additionally, the bill establishes data processing agreements to ensure compliance with the Act, prohibits retaliation against consumers exercising their rights, and outlines penalties for violations. It also includes provisions for exceptions based on federal privacy law compliance and mandates the state department of justice to develop implementation rules and report on the alignment of state and federal data privacy laws.