The "Community Privacy and Safety Act" introduces new regulations for online service providers in New Mexico, focusing on the handling of consumer data. The bill requires covered entities to set default privacy settings to the highest level, provide clear privacy information, and implement strong data security measures. It includes specific protections for minors, such as disabling contact from unknown users and limiting notifications during certain hours. Additionally, the act prohibits practices like profiling consumers by default and processing personal data without explicit consent, particularly for sensitive information.

The legislation also establishes consumer rights regarding data privacy, including the right to access, correct, and delete personal data, as well as to receive clear information about data collection and processing. Covered entities are prohibited from using "dark patterns" to manipulate consumer choices and must comply with consumer requests within thirty days. The bill outlines requirements for data processing agreements and prohibits retaliation against consumers for exercising their rights, with penalties for violations. The state department of justice is responsible for rulemaking and annual reporting to ensure compliance with the Act and alignment with federal laws.