This bill introduces new regulations in Oklahoma aimed at safeguarding children's personal data. It requires covered entities, which include various online service providers, to conduct and review data protection impact assessments to ensure their practices are in the best interests of children. These assessments must be submitted to the Attorney General upon request, and default privacy settings for children must prioritize high privacy levels. The bill prohibits the processing of children's personal data in ways that do not align with their best interests, such as profiling and using manipulative design techniques. Additionally, it establishes that these assessments are confidential and not publicly disclosed, while also requiring entities to notify the Attorney General of any violations.

Furthermore, the legislation allows parents, guardians, or consumers to monitor a child's online activity or track their location without the child's knowledge, imposing civil penalties for violations—up to $2,500 for negligent breaches and $7,500 for intentional ones. The Attorney General is responsible for enforcement actions, but covered entities can avoid penalties by demonstrating compliance after being notified of violations. The bill outlines specific exemptions, including protected health information and telecommunications services, and clarifies that it does not restrict children's ability to search for content online. The act is set to take effect on November 1, 2025, and applies to entities managing significant amounts of personal data from Oklahoma consumers.