Bill No. 546 aims to enhance consumer rights regarding data privacy in Oklahoma by establishing a comprehensive framework for individuals to manage their personal data. The bill introduces new definitions and provisions that grant consumers the rights to access, correct, delete, and opt out of the processing of their personal data. It requires data controllers to respond to consumer requests within a specified timeframe and provides an appeal process for denied requests. Additionally, the bill outlines the responsibilities of controllers in handling these requests, including conditions under which they may charge fees for excessive or repetitive inquiries. It emphasizes the importance of consent, particularly for children under thirteen, and prohibits any contractual agreements that limit consumer rights.

The legislation also mandates that controllers create secure methods for consumers to exercise their rights without requiring new account creation and specifies that websites must provide mechanisms for submitting requests. It introduces provisions for data protection assessments and grants the Attorney General exclusive enforcement authority, with civil penalties for violations. Certain entities, such as state agencies and financial institutions, are exempt from the bill's provisions, and it clarifies that compliance with existing federal laws, such as the Children's Online Privacy Protection Act, satisfies parental consent requirements. The act is set to take effect on July 1, 2026.