Lawfare Daily: CPPA’s Tom Kemp on Data Brokers, Privacy, and State Enforcement
The Lawfare Podcast
The Lawfare Institute
4.7 • 6.4K Ratings
🗓️ 25 March 2026
⏱️ 51 minutes
🧾️ Download transcript
Summary
Tom Kemp, executive director of the California Privacy Protection Agency (CPPA), joins Lawfare’s Justin Sherman to discuss California’s new Delete Request and Opt-out Platform, or DROP system, the data broker industry, and California’s ongoing efforts to ensure residents can effectuate their privacy rights. They also discuss the process and impacts of bringing technologists into public service at privacy and cybersecurity regulatory bodies, inter-state collaboration on data privacy issues, how California thinks about concerns around U.S. foreign adversaries and risks of access to U.S. persons’ data, and the near-term and over-the-horizon privacy risks to consumers.
Additional Resources:
- California Delete Request and Opt-Out Platform (DROP)
- California Data Broker Registry
- California Consumer Privacy Act (CCPA)
To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.
Support this show http://supporter.acast.com/lawfare.
Hosted on Acast. See acast.com/privacy for more information.
Transcript
Click on a timestamp to play from that location
| 0:00.0 | What it's really focused on is enabling privacy rights at a scale that's not possible in the current notice and choice framework that we have here in the United States. |
| 0:15.0 | So it is pretty, I would say, pretty revolutionary in terms of kind of flipping the balance back to the consumers. |
| 0:24.8 | It's the Lawfare podcast. I'm Justin Sherman, contributing editor at Lawfare and CEO of Global Cyber Strategies, |
| 0:33.1 | with Tom Kemp, Executive Director of the California Privacy Protection Agency, or CPPA, aka Cal Privacy. |
| 0:42.5 | Yes, we can go after global entities because we regulate the collection and use of Californians data. |
| 0:51.0 | All the obligations that are in our law around data minimization, honoring privacy rights, |
| 0:57.6 | security of personal information applied to all businesses. Today, we're talking about California's |
| 1:04.5 | new drop system and the data broker industry, bringing technologists into public service |
| 1:09.8 | and the future of state privacy enforcement. |
| 1:13.6 | So first, what are the California Privacy Protection Agency's main statutory and regulatory focus areas? |
| 1:23.1 | And then second, are there any major differences that you see between the CPP and the authorities |
| 1:28.6 | and resources of other states as it pertains to this issue set? |
| 1:33.3 | Absolutely. |
| 1:34.3 | And thanks, Justin, for having me on. |
| 1:37.1 | The California Privacy Protection Agency, now known as CalPrivacy, was created via the voters here in California with the passage of Prop |
| 1:47.8 | 24 in 2020. |
| 1:51.0 | And the agency itself is responsible for implementing, enforcing, and raising awareness |
| 1:58.4 | of the California Consumer Privacy Act or CCPA and the California |
| 2:03.4 | Delete Act. |
| 2:04.9 | And so if you look at what we do, our mission is really focused in six primary areas. |
| 2:12.6 | First, rulemaking. |
| 2:14.3 | Second, promoting public awareness, i.e. raising privacy literacy for consumers and |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from The Lawfare Institute, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of The Lawfare Institute and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.