But the data collected is property of the government and flock is not allowed to use that data for additional business gain (according to their statements)...

So they can't sell the fact that you're at Target at 8:00 p.m. on Thursday to anybody... Nor build profiles to sell to advertisers... And if that's the case that's very similar to cloud storage vendors.

If I access hacker news, and the record of my visit is stored in an AWS S3 bucket, I can't submit to AWS to delete my visitor record, even though the server, network cards, wires, and storage medium are AWS property, it was hacker news' website that generated that record and their responsibility to take my request to delete it.. AWS' stance would rightly be "talk to the website operator for CCPA requests"

Yeah but their argument is that if someone takes a photo of you with thier iphone and its uploaded to icloud, you cant ask apple to delete the photo, you need to ask the person who took it

If you go to Rent-A-Center and rent a DSLR, that doesn't make Rent-A-Center responsible for the pictures taken by their cameras.