This bill establishes new regulations in Oklahoma to enhance the protection of children's personal data online. It requires covered entities, which include various organizations providing online products or services to children, to conduct and maintain data protection impact assessments. These assessments must ensure that the design and functionality of their offerings prioritize children's best interests, avoiding exposure to harmful content. Additionally, covered entities must configure default privacy settings to safeguard children's privacy, provide clear and age-appropriate information about their services, and offer tools for children and their guardians to exercise their privacy rights.

The bill also imposes strict limitations on how children's personal data can be processed, including prohibiting the use of precise geolocation information without clear notification and restricting the collection of unnecessary personal data. It aims to prevent manipulative design practices that could exploit children's data and restricts monitoring of their online activities without clear signals. Violations can lead to civil penalties, with the Attorney General designated as the enforcement authority. The bill includes specific exemptions for certain types of data and clarifies that it will not impose liability inconsistently with federal law. The act is set to take effect on November 1, 2025.