Assembly Bill 172 aims to enhance consumer data protection by establishing specific rights for individuals regarding their personal data. The bill defines key terms such as "controller," which refers to entities that determine the purpose and means of processing personal data, and sets thresholds for applicability based on the number of consumers served and revenue derived from data sales. It grants consumers rights to access, correct, delete, and opt out of the processing of their personal data, particularly for targeted advertising and sales. Additionally, it mandates that controllers provide a privacy notice detailing the categories of data processed and the purposes for which it is used, while ensuring that consumers are not discriminated against for exercising their rights.

The bill also outlines enforcement mechanisms, allowing the Department of Agriculture, Trade and Consumer Protection (DATCP) and the Department of Justice to impose penalties for violations, with fines reaching up to $10,000 per infraction. It requires controllers to respond to consumer requests promptly and to establish secure methods for consumers to exercise their rights. Furthermore, the bill prohibits local governments from enacting their own regulations on personal data collection and processing, thereby centralizing the regulatory framework at the state level. Overall, Assembly Bill 172 seeks to create a comprehensive legal structure for consumer data protection in Wisconsin.