Senate Bill No. 546 aims to enhance consumer rights regarding the processing of personal data in Oklahoma by establishing clear definitions and outlining specific rights for consumers, such as accessing, correcting, deleting, and opting out of data processing. The bill mandates that data controllers respond to authenticated consumer requests within a designated timeframe and provides a structured appeal process for denied requests, requiring written explanations within 60 days. It also prohibits contractual provisions that waive consumer rights and requires privacy notices that detail data practices. Additionally, the bill imposes duties on data controllers and processors, including conducting data protection assessments and maintaining confidentiality of de-identified data.

The legislation grants enforcement authority to the Attorney General, who can impose civil penalties for violations and must provide a 30-day cure period before initiating legal action. The bill outlines specific exemptions for certain entities and types of information, such as state agencies and protected health information, while clarifying that compliance with the Children's Online Privacy Protection Act meets parental consent requirements. It allows for data collection for internal research and product improvement, and the act is set to take effect on July 1, 2026, ensuring that personal data is processed only for specified purposes with the burden of proof on the controller to demonstrate compliance with exemptions.