Bill No. 546, introduced by Senator Howard and Representative West, aims to enhance consumer rights regarding data privacy in Oklahoma by establishing a comprehensive framework for data processing. The bill introduces definitions for key terms such as "affiliate," "biometric data," "consumer," "controller," and "sensitive data." It grants consumers rights to access, correct, delete, and obtain their personal data in a portable format, as well as the ability to opt out of targeted advertising and data sales. Controllers are required to respond to consumer requests within 45 days, with a possible extension, and must provide a written explanation if requests are denied, along with a mechanism for consumers to contact the Attorney General for complaints. Additionally, any contractual provisions that limit consumer rights under this bill are deemed void and unenforceable.

The legislation also imposes new responsibilities on data controllers and processors, mandating secure methods for consumers to exercise their rights and requiring clear privacy notices about data processing practices. The Attorney General is granted exclusive enforcement authority, including the ability to impose civil penalties for violations. The bill outlines exemptions for certain entities, such as state agencies and financial institutions, and emphasizes the necessity of consumer consent for processing sensitive data. It also clarifies that compliance with existing federal laws, such as the Children's Online Privacy Protection Act, will satisfy certain requirements under this act. The provisions are set to take effect on July 1, 2026, aiming to ensure responsible data handling practices and enhance consumer privacy rights in Oklahoma.