Understanding the Impact of the CA Delete Act on the Global Consumer Privacy Trends
Legal fortification could finally lay to rest the growing concerns about depleting consumer privacy standards in the generative AI era. According to GetApp, consumers are alarmed by the nature of privacy infringements caused by generative AI tools. 85% of consumers are concerned about sharing personal information with generative AI tools, and 49% of consumers decided against using any AI tool solely due to the lack of trust in AI tools regarding personal information. This tells a lot about the need to improve consumer privacy rights and make data brokers accountable for their operations in the AI space. The CA Delete Act arrived with the answer earlier this month.
Earlier this month, the governor of California, Gavin Newsom, signed Senate Bill 362, popularly referred to as the CA Delete Act.
The CA Delete Act would fortify the existing California Consumer Privacy Act (CCPA) with new sets of legal inclusions specifically meant to safeguard consumer privacy rights with respect to the collection, storage, analysis, deletion, and selling of personal information for business and non-business purposes. These include the personal data collected for training Large Language Models (LLMs) used in generative AI models.
The CA Delete Act would establish the California Privacy Protection Agency with full administrative power, authority, and jurisdiction to enforce the CCPA. The agency would ensure that the data brokers are complying with all the requirements pertaining to the accessible deletion mechanism as a means to safeguard consumer privacy rights.
The new bill guides the agency to establish an “accessible deletion mechanism” for consumers’ data. Consumers who wish to delete any personal information from the database owned or administered by a broker, service provider, or contractors would benefit from the CA Delete Act. The law would require data brokers to review the mechanism of deletion every 45 days, beginning 1 August 2026. In addition to the automated data deletion mechanism every 45 days, the data broker would be required to meet the audit guidelines every three years, beginning 1 January 2028. An independent third-party data audit team would undertake the audit to determine the compliance, and thereafter, submit a final report as per the agency’s guidelines. The bill will empower the agency to charge a monetary fee to data brokers who wish to access the auto data deletion mechanism, as mentioned in the bill. The fee shall be deposited in the Data Brokers’ Registry Fund.
CA Delete Act would bolster the consumer privacy rights movement across the country. For instance, AI companies would have to reorganize their data mining and storage mechanisms to comply with the new regulations. This means that the cost of data management would eventually spike once the bill takes the form of a federal law. This makes AI development costlier, considering the energy costs that are already blowing a hole in the budgets.
In an email conversation with us, Zach Capers, Senior Security Analyst and Manager of ResearchLab at GetApp stated his position on the CA Delete Act. Zach said,
“California’s Delete Act (CA Delete Act) has been signed into law and will make it easier for consumers to remove their information from data broker websites.
But, data brokers are only part of a constantly growing ecosystem of data-hungry websites and technologies that aggressively collect consumer data. Consumers are clearly worried about sharing their personal information online and with emerging tools such as ChatGPT. GetApp’s research finds that 85% of consumers are concerned about sharing personal information with generative AI tools while 49% say they’ve decided against using an AI tool because they didn’t trust it with their personal information. Similarly, 81% of consumers voice concerns about sharing personal data with web applications such as search engines and navigation apps. It’s not surprising, then, that nearly half (49%) say they falsify their personal information when shopping online. For consumers, there’s never been a better time to take data privacy into their own hands which is why we developed our new guide: How To Remove Personal Information From the Internet for Free.”
Zach recently published a comprehensive guide to removing personal information from the internet. The guide explores different avenues to protect personal data, including opting out of data brokers’ sites, removing personal info from AI training models, or ‘simpler’ methods like how to engage privacy settings on browsers or restricting phone settings – leaving no stone unturned for consumers to protect themselves.
There are two major challenges for the California Privacy Protection Agency while implementing the CA Delete Act. Firstly, the agency has to figure out the estimated budget required to manage the auto-deletion mechanisms and the costs of IT operations. Secondly, it has to build a centralized deletion mechanism that would address the traditional challenges that are associated with data mining, data verification, and IT authentication.
While the scope of the CA Delete Act could expand in the near future, the impact of consumer privacy regulations on data brokerage could lead to a major transformation in the global data management software industry in the next three to four months.
Comments are closed.