When the Delete Act Bites: CCPA Enforcement and the 2026 Data Landscape
California's Delete Act activates in August 2026 and radically strengthens privacy enforcement. The first- and second-order effects on data brokers, marketing, and AI labs.
California's CCPA is one of the nation's strongest data privacy laws on paper but has historically been lightly enforced. That changes in August 2026, when the main provisions of California's Delete Act activate and radically strengthen enforcement. The regulator's new DROP system and its downstream notification requirements will create unforeseen problems in networking, messaging, and routing among data brokers and the many data-driven companies in the lead-gen and marketing space. Will consumer PII be truly deletable from the internet several years from now, or will the operational burden crush technical organizations? What happens when regulators apply the definition of data broker to AI labs and their models, where a person's data cannot be removed as easily as a row from a database? This talk discusses the first- and second-order effects of applying and enforcing this law on organizations in general, and the specific technical challenges of structuring data to be individually addressable and deletable when the business drives collection at a demographic level.