With California expanding enforcement, launching the DROP system, and signaling what comes next for automated decision-making and data brokers, privacy expectations for businesses are becoming clearer—and harder to ignore.
Tom Kemp, Executive Director of the California Privacy Protection Agency, is one of the few people shaping US privacy enforcement who understands business realities from the inside. We discuss what changes when a former tech CEO becomes a regulator, how California balances innovation with enforcement, and why making privacy easier for consumers is the real unlock.
00:00 Introduction.
05:10 How firsthand GDPR compliance shaped California’s privacy framework.
08:45 Why California believes innovation and privacy can coexist.
13:40 What the California Privacy Protection Agency actually does.
18:50 How enforcement works, and what regulators want businesses to understand.
23:30 Why transparency and cooperation matter during enforcement actions.
28:10 How states collaborate on privacy enforcement across jurisdictions.
33:00 What the DROP system is and why it changes deletion of information from data brokers.
41:00 How California defines a data broker.
47:00 What’s next for privacy regulation in California.
52:00 Why federal privacy laws should set a floor, not a ceiling.
56:30 How technology, including AI, could make privacy easier for consumers.