Senate Bill No. 546 seeks to enhance data privacy protections for consumers in Oklahoma by establishing a comprehensive framework for the processing of personal data. The bill defines key terms such as "consumer," "controller," and "processor," and grants consumers rights to access, correct, delete their data, and opt out of targeted advertising. It mandates that data controllers respond to consumer requests within a specified timeframe and includes an appeal process for denied requests. Additionally, the bill imposes obligations on data controllers to provide privacy notices, conduct data protection assessments, and prohibits contractual provisions that undermine consumer rights, with penalties for violations enforced by the Attorney General.

The legislation also introduces new provisions regarding compliance with federal laws, specifically stating that adherence to the Children's Online Privacy Protection Act will satisfy parental consent requirements under this act. It clarifies that the bill will not restrict controllers or processors from complying with legal inquiries or engaging in public interest research. Exemptions are provided for data processing related to internal research, product recalls, and technical error repairs, and it protects controllers and processors from liability for third-party violations if they were unaware of potential issues at the time of data disclosure. The act is set to take effect on January 1, 2027.