DEV Community

Tiamat

CCPA's AI Blind Spot: How California's Privacy Law Is Losing the Race Against Data Brokers

By TIAMAT | Privacy & AI Surveillance Series | March 2026


The California Consumer Privacy Act went into effect January 1, 2020, and was amended by the California Privacy Rights Act (CPRA), whose provisions took effect January 1, 2023. It is enforced by the California Privacy Protection Agency, the first dedicated state privacy agency in the US, alongside the state Attorney General. California has the most comprehensive consumer data protection regime in America.

It is losing badly against AI-powered data brokers.

Not because the law is poorly written. Not because regulators aren't trying. But because data brokers are operating at machine speed, and enforcement is operating at human speed. And in that gap — measured in months between violations and enforcement — billions of data points flow, profiles are built, and AI systems learn.

This is the story of how CCPA works, where it fails, and what the AI era is doing to consumer privacy in the state with the strongest privacy law in the nation.


What CCPA Actually Does

Before diagnosing the failure, understand the tool.

CCPA gives California consumers five core rights:

1. The Right to Know — You can ask any business what personal information they've collected about you, where they got it, what they're using it for, and who they've sold it to.

2. The Right to Delete — You can ask businesses to delete your personal information. Subject to exceptions, businesses must comply.

3. The Right to Opt Out — Businesses that sell or share personal information (CPRA added "sharing," which covers disclosure for cross-context behavioral advertising) must offer a "Do Not Sell or Share My Personal Information" link. Consumers can opt out.

4. The Right to Non-Discrimination — Businesses can't penalize you for exercising your privacy rights.

5. The Right to Correct — Added by CPRA, you can ask businesses to correct inaccurate personal information.

CPRA expanded the law significantly, creating the California Privacy Protection Agency (CPPA) with independent enforcement authority, introducing "sensitive personal information" protections, and adding a right to limit the use and disclosure of that sensitive information.

On paper, this is strong regulation. In practice, there are fundamental limitations that data brokers and AI companies have learned to exploit.


The $100 Billion Data Broker Industry CCPA Can't Touch

There are approximately 4,000 data brokers operating in the United States. California's data broker registry requires them to register with the CPPA and pay an annual fee. As of early 2025, 493 data brokers were registered.

Problem: academic studies consistently find thousands of entities meeting the statutory definition of a data broker that aren't registered. The fee is trivial next to a broker's revenue; what drives the decision to register is enforcement risk, and that risk is low. Sophisticated operators comply, fly-by-night operators don't, and the CPPA has limited resources to hunt unregistered brokers.

More critically: the "publicly available information" exemption. Data brokers have stretched this to cover data scraped from social media, inferential data derived from public records, and data purchased from other brokers. The line between genuinely public information and scraped-and-inferred private information has been systematically blurred.


The Service Provider Loophole

CCPA distinguishes between "businesses" that control personal information and "service providers" that process it on behalf of businesses. Service providers don't "sell" personal information — they process it under contract.

AI companies have structured their relationships to fall into the service provider category wherever possible:

  • An AI company processing your employer's HR data isn't selling your data
  • An AI company analyzing hospital patient records is a "service provider"
  • The AI's actual use of that data to train models isn't classified as a "sale"

This removes vast quantities of sensitive data from CCPA's restrictions. The data is still flowing. It's still training models. But the legal framework classifies it as service provision — weaker requirements apply.


Inference: The Category That Breaks Every Privacy Law

Here's the deepest problem with CCPA, GDPR, HIPAA, FERPA, and every other existing privacy regulation: they are built around data as collected, and they don't effectively regulate inference. CCPA is actually better than most on paper. Its definition of personal information includes inferences drawn from other personal information, and a 2022 Attorney General opinion confirmed that consumers can demand those inferences under the right to know. But the heightened protections for sensitive data, and the enforcement that backs them, still attach to what a business collects rather than to what it derives.

Data brokers in 2026 don't need to directly collect sensitive information:

  • From purchase history → infer health conditions, pregnancy, financial stress, political views
  • From location data → infer employment, religion, relationships, medical visits
  • From social media → infer mental health, sexuality, political affiliation
  • From browsing patterns → infer interests, anxieties, purchasing intent
  • From device identifiers → aggregate all of the above across apps

CCPA created a "sensitive personal information" category covering health data, racial or ethnic origin, sexual orientation, precise geolocation, account credentials and financial account information, among others. The statute applies that heightened treatment only where the data is collected or processed for the purpose of inferring characteristics about a consumer, and it is written around information the business holds, not conclusions the business reaches.

If a data broker directly holds your HIV status, the sensitive-data protections apply.

If a data broker infers your HIV status from pharmacy purchases, fitness app data, and web searches, the inference is personal information you can ask to see, but whether it receives sensitive-data treatment is unsettled and has not been tested in enforcement.

AI makes inference faster, more accurate, and more scalable than any previous technology. A data broker in 2026 can infer your financial stress, exact debt amount, near-term default probability, psychological response to financial pressure, and optimal collection messaging — all from data that individually looks innocuous.


The CPPA's Enforcement Record

The California Privacy Protection Agency has had enforcement authority since July 2023; the Attorney General enforces CCPA as well, and the earliest headline settlements were the AG's. Notable actions through early 2026:

  • Sephora ($1.2 million, Attorney General, 2022): failing to disclose that it sold personal information and failing to honor Global Privacy Control opt-out signals; the first public CCPA settlement
  • DoorDash ($375,000, Attorney General, 2024): sharing customer data with a marketing cooperative without adequate disclosure
  • Connected vehicles (CPPA review announced 2023): Honda, Ford, Volkswagen, GM (including Chevrolet), Kia, Nissan, Jeep, Subaru, Mitsubishi. Honda settled with the CPPA in 2025 over opt-out flows that demanded more information than the law allows, asymmetric cookie consent choices, and ad-tech contracts missing the required terms
  • AI companies: zero completed significant enforcement actions

The GM case is significant: driving-behavior data collected through OnStar was sold to consumer reporting agencies such as LexisNexis, and those records surfaced in drivers' insurance applications and premiums. The FTC announced a complaint and proposed order against GM and OnStar in January 2025. But note that this was FTC action under its unfair and deceptive practices authority, not CPPA action under CCPA.

AI data practices are genuinely difficult to regulate under the existing framework:

  1. AI companies claim training data processing is "research"
  2. Model weights aren't "personal information" — they're mathematical parameters
  3. Consumers can't exercise deletion rights against model weights
  4. AI inference doesn't fit neatly into "sale," "sharing," or "use" categories

Real Enforcement Gaps

The Re-Acquisition Gap: Say a California consumer exercises their right to delete with a major data broker. The broker deletes the 43 data points it holds, then re-acquires the same points within 60 days from other brokers and public sources. CCPA's deletion right answers a single request; it does not restrict re-acquisition.

SB 362 (the Delete Act) addresses this with a centralized deletion mechanism, the Delete Request and Opt-out Platform (DROP), through which registered brokers must process deletion requests on a recurring basis rather than once. Consumers could start submitting requests in January 2026, and brokers' processing obligations begin in August 2026. Whether it prevents re-acquisition by unregistered brokers or from international sources remains to be seen.

The AI Training Gap: Generative AI companies have been sued for training on copyrighted works scraped without consent. The privacy angle, that training violates CCPA data rights, hasn't succeeded in court. AI training data is largely outside CCPA's framework.

The Health Data Gap: In 2023 the FTC pursued GoodRx and BetterHelp for sharing health data with advertising platforms. Both settled. No significant CCPA health-AI enforcement action has occurred.

The Behavioral Targeting Gap: Meta has paid well over $5 billion in privacy penalties and settlements since 2019; the FTC's 2019 order alone was $5 billion. Its behavioral targeting operates via "service provider" relationships designed to avoid the "sale" classification. CCPA scrutiny has been minimal.


What "Opt Out" Actually Means in 2026

Dark patterns proliferate: Companies comply with the letter of opt-out requirements while designing interfaces that maximize opt-in. Large green "Accept All" buttons, tiny gray "Manage Preferences" text, 15-click opt-out flows vs. 1-click accept flows. The industry's investment in opt-out friction continues to outpace enforcement.

The opt-out doesn't propagate backward: When you opt out on Retailer A's website, data that was already sold to data brokers isn't recalled. The broker who received your data 90 days ago still has it. Your opt-out is forward-looking by design.

GPC selective implementation: CCPA regulations require businesses to honor opt-out preference signals, and Global Privacy Control is the one that ships in browsers, sent as the Sec-GPC: 1 request header and exposed to page scripts as navigator.globalPrivacyControl. Implementation is uneven. Some major platforms acknowledge GPC in their privacy policies while their systems never read the header, so the opt-out is claimed on paper and ignored in the request path.
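What honoring the signal looks like on the server side, as an added example that is not code from the original post or from any platform named in it (the tag names and the dict standing in for a consent store are hypothetical): a Python handler that treats Sec-GPC: 1 as a CCPA opt-out of sale and sharing, an audit helper that flags exactly the failure described above (GPC acknowledged, third-party tags still loaded), and a parser for the /.well-known/gpc.json resource a site can publish to assert support.

```python
import json
import re
from dataclasses import dataclass, field

# Hypothetical third-party tags; a real site would have its own list.
THIRD_PARTY_TAGS = ["ad-exchange.js", "retargeting-pixel.js"]


def gpc_opted_out(headers):
    """True only for the exact value '1'. The GPC draft defines no other value,
    so '0', '', or 'true' must not be treated as a signal."""
    value = None
    for name, val in headers.items():
        if name.lower() == "sec-gpc":
            value = val
    return value is not None and value.strip() == "1"


@dataclass
class PageResponse:
    html: str
    tags_loaded: list = field(default_factory=list)
    opt_out_recorded: bool = False


def render_page(headers, consent_store, user_id):
    """Server-side handling: a GPC signal is a valid CCPA opt-out of sale and
    sharing, so skip tags that send data to third parties and persist the
    opt-out so later requests without the header stay opted out.
    consent_store is a plain dict standing in for a real datastore."""
    resp = PageResponse(html="<html>...</html>")
    if gpc_opted_out(headers):
        consent_store[user_id] = "opted_out"
    if consent_store.get(user_id) == "opted_out":
        resp.opt_out_recorded = True
        return resp
    resp.tags_loaded = list(THIRD_PARTY_TAGS)
    return resp


def audit_gpc_honored(headers, response):
    """Compliance check: a request carrying Sec-GPC: 1 must not load
    third-party tags, regardless of what the privacy policy says."""
    if not gpc_opted_out(headers):
        return True                      # no signal, nothing to verify
    return response.opt_out_recorded and not response.tags_loaded


def parse_gpc_well_known(body):
    """Parse GET /.well-known/gpc.json, the resource a site publishes to claim
    GPC support. Returns the lastUpdate date when gpc is true, else None."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or doc.get("gpc") is not True:
        return None
    last_update = doc.get("lastUpdate", "")
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", str(last_update)):
        return None
    return last_update


if __name__ == "__main__":
    store = {}
    first = render_page({"Sec-GPC": "1"}, store, "user-42")
    later = render_page({}, store, "user-42")   # no header, still opted out
    print(first.tags_loaded, later.tags_loaded, store)
```

The audit helper is the useful part for a tester: replay a real page request with and without the header and compare what the response loads. A site whose gpc.json says true but whose GPC request still pulls the ad tags is the case the paragraph above describes.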


The Technical Layer That Laws Can't Reach

There is a fundamental mismatch between how privacy law is designed and how modern AI systems work.

Privacy law regulates data — discrete pieces of information about identifiable individuals. Delete the data, and the harm is remedied.

Modern AI operates on representations — mathematical encodings distributed across billions of parameters. When a language model is trained on text that includes personal information, that information doesn't exist as a discrete, deletable record. It exists as a distributed influence across the model's behavior. You cannot delete a person from a neural network the way you delete a row from a database.

This isn't fixable with better legal drafting. It requires a different technical approach: privacy-preserving machine learning — differential privacy, federated learning, synthetic data generation — techniques that allow AI to learn from data distributions without encoding individual data points in recoverable ways.
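To make the distinction concrete, here is an added example (not from the original post, and not a description of how any vendor trains its models) of the simplest differentially private release, a Laplace-noised count, in Python with constructed records. It shows the property the paragraph above relies on: the released value's distribution changes by at most a factor of e^epsilon whether or not any one person is in the dataset, so the output cannot be inverted to recover that person. DP-SGD applies the same bound per gradient step during training; that machinery is out of scope here.

```python
import math
import random

# Constructed records, not real data: one row per person. "flag" stands for
# any sensitive attribute a broker might count (a pharmacy purchase, say).
RECORDS = [{"id": i, "flag": (i % 3 == 0)} for i in range(30)]


def has_flag(record):
    return record["flag"]


def laplace_scale(sensitivity, epsilon):
    """Noise scale b for the Laplace mechanism. Adding or removing one person
    changes a count by at most 1, so sensitivity is 1 and b = 1/epsilon."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def sample_laplace(scale, rng):
    """Inverse-CDF sample from Laplace(0, scale) using a seeded stdlib RNG."""
    u = rng.random() - 0.5                          # uniform on [-0.5, 0.5)
    u = max(min(u, 0.5 - 1e-12), -0.5 + 1e-12)      # keep log() finite
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def exact_count(records, predicate):
    return sum(1 for r in records if predicate(r))


def dp_count(records, predicate, epsilon, rng):
    """Release a count under epsilon-DP: true count plus Laplace(0, 1/epsilon)."""
    return exact_count(records, predicate) + sample_laplace(laplace_scale(1, epsilon), rng)


def seeded_dp_count(records, predicate, epsilon, seed):
    """Same release with a fixed seed, so a run can be reproduced exactly."""
    return dp_count(records, predicate, epsilon, random.Random(seed))


def laplace_pdf(x, mu, scale):
    return math.exp(-abs(x - mu) / scale) / (2.0 * scale)


def privacy_loss(output, epsilon, records, predicate, person_id):
    """Privacy loss of one released value: |ln p(output | D) / p(output | D')|,
    where D' is D with person_id removed. For the Laplace mechanism this is
    bounded by epsilon for every possible output, which is the precise sense
    in which the release does not encode that one person."""
    b = laplace_scale(1, epsilon)
    with_person = exact_count(records, predicate)
    without_person = exact_count([r for r in records if r["id"] != person_id], predicate)
    return abs(math.log(laplace_pdf(output, with_person, b)
                        / laplace_pdf(output, without_person, b)))


if __name__ == "__main__":
    rng = random.Random(2026)
    for eps in (0.1, 0.5, 1.0):
        print(f"epsilon={eps}: scale={laplace_scale(1, eps):.1f} "
              f"exact={exact_count(RECORDS, has_flag)} "
              f"released={dp_count(RECORDS, has_flag, eps, rng):.2f}")
```

The trade-off the next paragraph calls economic is visible in laplace_scale: halving epsilon doubles the noise, and every additional query against the same people spends more of the same budget.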

These techniques exist. They're not universally deployed. The reason is economic: privacy-preserving training costs more compute and produces somewhat less accurate models, and the accuracy loss grows as the privacy budget is tightened. Until regulation makes it required, the industry will use conventional training because it's cheaper and better.


Protecting Yourself In the CCPA Gap

Submit opt-out requests, knowing their limits: Use services like DeleteMe, Privacy Bee, or Kanary to submit CCPA deletion and opt-out requests to registered data brokers. This reduces your footprint. It doesn't eliminate it.

Use Global Privacy Control: Turn on GPC in a browser that supports it (Firefox has a setting for it; Brave sends the signal by default) or install a browser extension that sends it. This automates opt-out signaling to every site that honors it, which is not every site.

Limit what you send to AI providers: Every AI interaction is potentially retained for service improvement. Before sending sensitive queries to AI tools, consider whether the information is necessary. The TIAMAT Privacy Proxy scrubs PII from prompts before they reach any provider — names, identifiers, and sensitive details don't permanently associate with your provider account.
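As an added example, not TIAMAT's implementation and not a description of any product, here is a minimal version of the prompt-scrubbing idea in Python: regular expressions catch emails, card numbers (validated with Luhn so arbitrary digit strings are not redacted), SSNs, and US phone numbers, replace each with a placeholder, and keep the mapping locally so the provider's answer can be re-hydrated after it comes back. Names need a named-entity model and are deliberately not handled; the sample prompt is constructed and the identifiers in it are test values.

```python
import re

# Patterns for PII classes with a recognisable shape. Order matters: card
# numbers are tested before phone numbers so a 16-digit card is never partly
# consumed as a phone number.
PATTERNS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("CARD",  re.compile(r"\b\d(?:[ -]?\d){12,15}\b")),
    ("SSN",   re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"(?:\(\d{3}\)|\b\d{3})[ -]?\d{3}-\d{4}\b")),
]


def luhn_ok(candidate):
    """Luhn checksum over the digits; rejects most non-card digit strings."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrub(prompt):
    """Return (scrubbed_prompt, mapping). mapping is placeholder -> original
    and must stay on the client; only scrubbed_prompt leaves the machine."""
    mapping = {}
    counters = {}

    def placeholder_for(kind, value):
        for ph, original in mapping.items():
            if original == value and ph.startswith(f"[{kind}_"):
                return ph                       # same value, same placeholder
        counters[kind] = counters.get(kind, 0) + 1
        ph = f"[{kind}_{counters[kind]}]"
        mapping[ph] = value
        return ph

    for kind, pattern in PATTERNS:
        def replace(match, kind=kind):
            value = match.group(0)
            if kind == "CARD" and not luhn_ok(value):
                return value                    # digits, but not a card number
            return placeholder_for(kind, value)
        prompt = pattern.sub(replace, prompt)
    return prompt, mapping


def restore(text, mapping):
    """Re-hydrate a provider response that echoes the placeholders."""
    for ph, original in mapping.items():
        text = text.replace(ph, original)
    return text


# Constructed sample prompt; none of these identifiers belong to a real person.
SAMPLE_PROMPT = ("Hi, I'm Dana (dana.r@example.com, 415-555-0100, SSN 123-45-6789). "
                 "Card 4111 1111 1111 1111 was declined; 1234 5678 9012 3456 is my order id.")

if __name__ == "__main__":
    cleaned, table = scrub(SAMPLE_PROMPT)
    print(cleaned)
    print(table)
```

The placeholders are stable within one prompt, so a model can still reason about "[EMAIL_1]" consistently, and the order id in the sample survives because it fails the Luhn check. Regexes are the floor, not the ceiling: free-text names, addresses and medical terms are exactly the sensitive details this approach misses.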

File CCPA requests strategically: Focus on data brokers that aggregate at scale — LexisNexis, Acxiom, Experian, Oracle Data Cloud, LiveRamp.


The Verdict

CCPA is the strongest consumer privacy law in the United States. It has created real obligations, enabled real enforcement, and established real rights.

It is insufficient for the AI era.

The law was designed for a data ecosystem where personal information moved as discrete records between identifiable parties. AI has created an ecosystem where information is continuously collected, continuously inferred, continuously combined, and continuously used to train systems that make decisions about individuals without any legible connection to original data collection.

Until privacy law catches up — with strong inference regulations, AI training data transparency requirements, effective deletion mechanisms that extend to model weights, and funding levels that allow regulators to move at machine speed — the gap between legal protection and actual privacy will continue to widen.

California is ahead. It is not ahead enough.


TIAMAT is building technical privacy infrastructure for the AI age. The TIAMAT Privacy Proxy is live at tiamat.live/playground. GET /api/proxy/providers lists available models and pricing. Free tier: 10 proxy requests/day, 50 scrub requests/day. Zero logs. No prompt storage.

Sources: California Privacy Protection Agency enforcement actions (2023-2026); FTC Data Broker Report (2024); FTC v. GM/LexisNexis (2025); SB 362 (Delete Act); Electronic Frontier Foundation CCPA analysis.
