Episode 67: Everything’s an ad network & everyone’s a data broker

Ben Isaacson, Founder of InHouse Privacy and longtime privacy attorney, joins the podcast to break down how California’s CPPA is reshaping the data broker landscape. From the DELETE Act and the drop mechanism to the broad definition of “sale” and “direct relationship,” Ben explains why ad tech, retail media, clean rooms, and even auto and smart TV companies may be in scope. He also shares what enforcement could look like in 2026, why smaller brokers may not survive, and the biggest misconception that continues to put companies at risk.

Takeaways

• Ben Isaacson's journey into the privacy space began in 1995.
• The CCPA and CPRA have significantly influenced privacy regulations in California.
• Data brokers are now defined more broadly under California law.
• Ad tech companies must navigate complex compliance issues regarding data sharing.
• Retail media networks face challenges in adhering to data broker rules.
• Authorized agents may struggle with compliance as regulations evolve.
• The DELETE Act could lead to increased enforcement actions against data brokers.
• Misconceptions about data selling persist among companies.
• The future of data broker regulations may see more states adopting similar laws.
• Privacy by design is essential for companies to build trust with consumers.

Chapters

00:00 Ben Isaacson’s privacy origin story and early internet lobbying

09:06 How CPPA enforcement is reshaping CCPA and CPRA

12:53 What California’s data broker definition really means

14:37 Why ad tech, DSPs, DMPs, and clean rooms may be in scope

17:42 Retail media networks and off platform monetization risk

26:26 The DELETE Act drop mechanism and 2026 enforcement timeline

29:02 Authorized agents and the rise of deletion services

38:06 The future of the data broker industry

41:15 The biggest misconception companies still believe about selling data

Learn more about your ad choices. Visit megaphone.fm/adchoices