The "Child Data Privacy and Protection Act" is designed to strengthen the safeguarding of personal data for children under eighteen in South Carolina. It introduces a new Article 9 to Chapter 5, Title 39 of the South Carolina Code, which includes definitions for key terms such as child users, data breaches, and data controllers. The bill mandates that entities providing online products aimed at children conduct data protection impact assessments, limit data collection to necessary information, and implement "privacy by default" settings. It also requires clear and comprehensible privacy policies for children, parental consent for targeted advertising, and expedited handling of civil and criminal subpoenas related to child users.

Additionally, the bill establishes a framework for civil penalties against those who knowingly or recklessly violate its provisions, with penalties reaching up to twenty thousand dollars per violation and a total cap of two hundred fifty million dollars. The Attorney General must provide written notice of violations before taking legal action, allowing for rectification. The distribution of penalty proceeds is specified, with twenty percent allocated for public awareness campaigns and eighty percent for enforcement efforts. The act also allows legal action on behalf of child users harmed by violations, with successful plaintiffs entitled to damages and legal remedies. The act will take effect one hundred eighty days after the Governor's approval.