I got a couple of copies of this message to addresses scraped off my
websites. It was sent from AWS cloud using a recently registered domain
so it's likely a phish, but "Ross Teixeira" is a real person, a grad
student at Princeton. Needless to say, sending blasts of spam to scraped
addresses is not going to get useful research results.
Anyone else get this? If you want to complain, Princeton's IRB which is
supposed to review every experiment with human subjects is at
i...@princeton.edu. Or if you want to ask Mr. Teixeira what the bleep he
was thinking, he's at rteixe...@princeton.edu.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
---------- Forwarded message ----------
Date: Tue, 14 Dec 2021 03:03:40
From: Privacy Practices <privacypracti...@princetonprivacystudy.org>
To: infri...@iecc.com
Subject: Questions About iecc.com Privacy Practices for Princeton University
Research
To Whom It May Concern,
We are researchers at Princeton University conducting a study of how websites
are implementing the EU and UK General Data Protection Regulation (GDPR) and
the California Consumer Privacy Act (CCPA). We are
reaching out to you because this email address is provided as a contact on the
website iecc.com.
Your website may be required to implement one or both of GDPR and CCPA, and we
would appreciate if you would answer a few brief questions about your privacy
practices.
1) Does iecc.com implement GDPR or CCPA? If not, could you please explain why?
If you are uncertain about whether iecc.com is required to implement these laws
or answer questions like ours, we have included
informative resources at the end of this email.
2) If you implement GDPR or CCPA, do you process data access requests from
individuals who are not residents of the EU or UK (for GDPR) or who are not
residents of California (for CCPA)?
3) If you implement GDPR or CCPA, do you process data access requests via
email, a website, or telephone? If via a website, what is the URL?
4) If you implement GDPR or CCPA, what personal information must a user submit
for you to verify and process a data access request?
5) If you implement GDPR or CCPA, what personal information do you provide in
response to a data access request?
Thank you in advance for your answers to these questions. If there is a better
contact for questions about privacy practices on iecc.com, I kindly ask that
you forward my request to them.
Sincerely,
Ross Teixeira
----------
We offer these resources about GDPR and CCPA for your convenience. Please note
that we cannot provide legal advice about whether iecc.com is required to
implement these laws or respond to our questions like
ours about GDPR and CCPA practices.
* Article 3 of the GDPR, which specifies coverage:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1
* European Data Protection Board guidance on GDPR coverage:
https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en
* California Attorney General guidance on CCPA coverage:
https://oag.ca.gov/privacy/ccpa#sectiona
* Section 1798.140 of the California Civil Code, which specifies the businesses
that CCPA covers:
https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
