OK Data Privacy Act Creates Framework Giving Consumers New Rights

Staff Editor 2026-04-09
OK Data Privacy Act Creates Framework Giving Consumers New Rights

OK Data Privacy Act Creates Framework Giving Consumers New Rights

https://natlawreview.com/article/oklahoma-adopts-broad-consumer-privacy-framework

Publish Date: 2026-04-09 17:56:00

Source Domain: natlawreview.com

On March 20, Oklahoma Governor Kevin Stitt signed Senate Bill 546, the Oklahoma Data Privacy Act, creating a broad state privacy framework that gives Oklahoma consumers new rights over how certain businesses collect, use, and share personal data. The law takes effect on January 1, 2027.

The Act applies to controllers and processors that do business in Oklahoma or target products or services to Oklahoma residents and that either process the personal data of at least 100,000 consumers in a calendar year or process the personal data of at least 25,000 consumers while deriving more than 50% of gross revenue from the sale of personal data. The law excludes, among others, financial institutions and data subject to the Gramm-Leach-Bliley Act, as well as certain activity regulated by the Fair Credit Reporting Act.

Key provisions include:

  • Consumer rights. The Act gives consumers the right to confirm whether a controller is processing their personal data, access that data, correct inaccuracies, delete certain data, and obtain a portable copy of data previously provided to the controller. It also allows consumers to opt out of targeted advertising, the sale of personal data, and certain profiling. 
  • Response and appeal procedures. Controllers generally must respond to authenticated consumer requests within 45 days. They may extend that period once for another 45 days when reasonably necessary, and they must provide an appeal process if they deny a request. 
  • Sensitive data restrictions. Controllers must obtain consumer consent before processing sensitive data. For known children, processing must comply with the Children’s Online Privacy Protection Act. 
  • Controller and processor obligations. The Act requires controllers to follow data minimization and reasonable data security standards and to provide privacy notices with specified disclosures. It also requires processor contracts and data protection assessments for certain higher-risk processing activities, including…

Source

More Stories

BGU Study Warns AI Sports Scouting May Reinforce Bias, Threaten Privacy

BGU Study Warns AI Sports Scouting May Reinforce Bias, Threaten Privacy

Staff Editor 2026-06-07
Why U.S. Privacy Laws Weren’t Built for AI Smart Glasses

Why U.S. Privacy Laws Weren’t Built for AI Smart Glasses

Staff Editor 2026-06-07
Lack of privacy, toilets, persistent stigma forces girls in Odisha to miss school during menstruation

Lack of privacy, toilets, persistent stigma forces girls in Odisha to miss school during menstruation

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy