> it sounds like normal non-incorporated human persons and personal websites wouldn't be forced to delete things
Natural versus artificial person is probably irrelevant. (Sole proprietorship is a "normal non-incorproated human" doing business.) If your personal website is somehow collecting information from non-visitors and then selling it, that's a data broker. In practice, I can't see why or how that would accidentally occur.
I think your implicit assumption here is that all websites are businesses in some sense? But people often run websites that have no monetary transactions involved (except hosting, domain, etc costs). Since I'm one of these I worry about being forced to delete data just because some random persons who came to my metaphorical backyard BBQ didn't realize there was a metaphorical photographer there taking pictures.
I get the spirit of the law and I'm glad incorporated entities will be regulated. I just anticipate substantial use of the 'Delete Act' for frivolous cases and malicious uses. Much like GDPR. With the good comes the bad.
Natural versus artificial person is probably irrelevant. (Sole proprietorship is a "normal non-incorproated human" doing business.) If your personal website is somehow collecting information from non-visitors and then selling it, that's a data broker. In practice, I can't see why or how that would accidentally occur.