The Oklahoma Computer Data Privacy Act establishes comprehensive regulations for businesses that collect personal information from consumers, defining key terms and setting thresholds for applicability based on annual revenue and data volume. The act mandates that businesses inform consumers about the data they collect, obtain consent for processing, and provide rights for consumers to request disclosure or deletion of their personal information. It prohibits discrimination against consumers exercising their rights and allows for financial incentives for data collection. The act also emphasizes compliance with existing laws, ensuring that the law with the greatest privacy protections prevails, and grants the Oklahoma Attorney General authority to enforce the act with civil penalties for violations.

Additionally, the bill outlines specific exemptions, such as publicly available information and de-identified data, while establishing consumer rights to request information about their data and opt out of its sale. Businesses must notify consumers about data collection practices and obtain explicit consent before collecting personal information. The legislation includes provisions to prevent discrimination against consumers exercising their rights and mandates that any contractual waivers of consumer rights are void. Penalties for violations are set at up to $2,500 for each infraction, with higher fines for intentional violations, and the act is designed to take effect one year after its enactment.