Assembly Bill 172 establishes comprehensive consumer data protection measures in Wisconsin, targeting controllers and processors of personal data. The bill defines a "controller" as an entity that determines the purpose and means of processing personal data, specifically those handling data from at least 100,000 consumers or 25,000 consumers with significant revenue from data sales. It grants consumers rights to access, correct, delete, and opt out of the processing of their personal data, while prohibiting discrimination against consumers exercising these rights. Controllers are required to provide a privacy notice detailing data processing practices and must establish secure methods for consumers to submit requests regarding their data.

Additionally, the bill mandates that controllers respond to consumer requests promptly and allows for appeals if requests are denied. It outlines penalties for violations, including fines up to $10,000 per infraction, and requires that local governments refrain from enacting conflicting ordinances. The bill also includes provisions for data protection assessments and specifies that the Department of Agriculture, Trade and Consumer Protection (DATCP) and the Department of Justice will enforce compliance. Notably, the bill repeals a previous provision under 100.80 (9) (b) 1 and renumbers and amends 100.80 (9) (b) 2, creating a new section dedicated to consumer data protection.