CCPA Data Deletion Requests and AI Models 2026: Can Users Force You to Retrain?
A California consumer sends a CCPA deletion request — and their data is baked into the model you shipped last quarter. Do you have to retrain? Delete the model? Just the source rows? Here is what the law actually requires, what the FTC has already ordered, and how to build a deletion workflow that holds up.
What CCPA Deletion Actually Requires
Under the CCPA (as amended by the CPRA), a consumer can request that a business delete the personal information it has collected about them. On a verified request, the business must delete the personal information from its records and direct its service providers and contractors to delete it too — unless a statutory exception applies.
The text targets "personal information" in your "records." For AI, that clearly covers the raw training data, feature stores, embeddings keyed to an individual, logs, and any identifiable copy of the consumer's information. The harder question is the trained model itself.
The Three Layers of AI Data — and What You Must Delete
Source & Training Data
DELETERaw records, datasets, feature stores, and any identifiable copy used to train or fine-tune the model. This is squarely 'personal information in your records' and must be deleted on a verified request.
Inference Logs & Embeddings
DELETEPrompt/response logs, embeddings, vector-DB entries, and caches that can be linked to the individual. If it can be re-associated with the consumer, it is personal information and in scope.
Model Weights
CONTEXT-DEPENDENTWhether you must alter the trained weights is unsettled. If the model memorizes and can regurgitate the individual's data, regulators are more likely to treat the weights as containing personal information. Practical responses: exclude from future retraining, apply machine unlearning, or (in disgorgement cases) delete the model.
Algorithmic Disgorgement: When Regulators Order Model Deletion
The reason "we already trained on it" is a dangerous defense: the FTC has repeatedly ordered companies to destroy the models themselves, not just the data. This remedy is called algorithmic disgorgement or model deletion.
Cambridge Analytica
2019
FTC order required deletion of information and any algorithms or work product derived from improperly obtained Facebook data.
Everalbum
2021
Required to delete facial recognition models and algorithms developed using photos collected without consent — the landmark model-deletion case.
WW / Kurbo
2022
Required to destroy algorithms built from children's data collected in violation of COPPA.
Rite Aid
2023
Five-year ban on facial recognition and an order to delete the biometric data and models built from it.
These are FTC actions, not CCPA deletion responses — but they set the regulatory tone. If your training data was collected unlawfully, the downstream model is at risk, and the California Privacy Protection Agency has signaled increasing interest in automated decision-making and AI training practices.
Machine Unlearning vs Full Retraining
When source deletion is not enough and you need to remove an individual's influence from a model, you have options of escalating cost:
Exclude & Retrain on Schedule
Low–MediumDelete the source records now and exclude them from your next scheduled retraining cycle. The most common, defensible approach for models retrained regularly.
Machine Unlearning
MediumAlgorithmic techniques (e.g. influence functions, SISA training) that approximately remove a data point's effect without full retraining. Emerging, not yet a settled legal standard.
Full Retraining
HighRetrain the model from scratch on the cleaned dataset. The strongest guarantee, used when memorization risk or regulatory exposure is high.
Model Deletion
HighestDestroy the model entirely. Reserved for disgorgement orders or models trained on data with no lawful basis.
Deletion Exceptions You Can Actually Rely On
CCPA lets you deny or limit a deletion request in specific situations. "We trained a model on it" is not one of them — but these are:
- Completing a transaction or providing a good/service the consumer requested
- Detecting security incidents or protecting against fraud and illegal activity
- Complying with a legal obligation or exercising/defending legal claims
- Genuinely deidentified or aggregated data (outside CCPA scope entirely)
- Certain internal uses reasonably aligned with the consumer's expectations
The strongest structural protection is deidentification: if your training pipeline strips identifiers and meets the CCPA deidentification standard (reasonable safeguards, a public no-reidentification commitment, and contractual bans on re-identification), the data falls outside CCPA and deletion requests do not reach it.
A Deletion Workflow That Survives an Audit
Build this before the requests arrive — retrofitting deletion into a trained pipeline is painful.
Audit your AI product's privacy exposure
RatedWithAI helps teams understand their compliance posture across privacy, accessibility, and AI-regulation requirements. Start with a free scan.
Scan Your Product for Free →Frequently Asked Questions
Do I have to retrain my model for every CCPA deletion request?
Not usually. The core obligation is to delete the personal information from your records and direct service providers to do the same. Most businesses satisfy this by deleting source data and excluding the record from future training runs. Full retraining or unlearning is reserved for high-risk cases — models that memorize and can output the individual's data, or data collected without a lawful basis.
What is the CCPA deadline to respond to a deletion request?
You must confirm receipt within 10 business days and complete the response within 45 calendar days of a verified request. The deadline can be extended by another 45 days (90 total) when reasonably necessary, with notice to the consumer.
Does deidentified training data protect me from deletion requests?
Yes, if it genuinely meets the CCPA deidentification standard. Data that cannot reasonably be re-identified, where you publicly commit not to re-identify it and contractually prohibit re-identification, falls outside CCPA. Pseudonymized data that can still be linked back to a person does not qualify and remains in scope.
Can the FTC really order me to delete an AI model?
Yes. The FTC has imposed algorithmic disgorgement — model deletion — in multiple cases, including Everalbum, Rite Aid, and WW/Kurbo. The remedy applies when a company built models on data collected unlawfully or in violation of its own representations. It is a strong signal that downstream AI models inherit the legal risk of their training data.