The "Child Data Privacy and Protection Act" introduces significant measures to safeguard the personal data of children under eighteen in South Carolina. It establishes a new Article 9 to Chapter 5, Title 39 of the South Carolina Code, which includes definitions for key terms such as child users and data controllers. The bill mandates that entities providing online products aimed at children conduct data protection impact assessments, limit data collection and processing, and implement "privacy by default" settings. Additionally, it requires clear display of privacy policies, parental consent for targeted advertising, and expedited handling of civil and criminal subpoenas related to child users. The Office of the Attorney General is designated to oversee compliance, assist with technical guidance, and run a public awareness campaign regarding the new regulations.

The legislation also sets forth a framework for imposing civil penalties on individuals or businesses that violate its provisions, allowing for penalties of up to twenty thousand dollars per violation, with a total cap of two hundred fifty million dollars. The Attorney General must provide written notice of alleged violations at least ninety days before taking legal action, giving the accused a chance to remedy the situation. The bill stipulates that twenty percent of collected penalties will fund public awareness campaigns, while eighty percent will support enforcement efforts. It also permits legal action on behalf of child users or their next of kin in cases of harm due to violations, with successful plaintiffs entitled to damages and legal remedies. The act will take effect one hundred eighty days after the Governor's approval.