I got a couple of copies of this message to addresses scraped off my websites. It was sent from AWS cloud using a recently registered domain so it's likely a phish, but "Ross Teixeira" is a real person, a grad student at Princeton. Needless to say, sending blasts of spam to scraped addresses is not going to get useful research results.

Anyone else get this? If you want to complain, Princeton's IRB which is supposed to review every experiment with human subjects is at i...@princeton.edu. Or if you want to ask Mr. Teixeira what the bleep he was thinking, he's at rteixe...@princeton.edu.

John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

---------- Forwarded message ----------
Date: Tue, 14 Dec 2021 03:03:40
From: Privacy Practices <privacypracti...@princetonprivacystudy.org>
To: infri...@iecc.com
Subject: Questions About iecc.com Privacy Practices for Princeton University

To Whom It May Concern,

We are researchers at Princeton University conducting a study of how websites 
are implementing the EU and UK General Data Protection Regulation (GDPR) and 
the California Consumer Privacy Act (CCPA). We are
reaching out to you because this email address is provided as a contact on the 
website iecc.com.

Your website may be required to implement one or both of GDPR and CCPA, and we 
would appreciate if you would answer a few brief questions about your privacy 

1) Does iecc.com implement GDPR or CCPA? If not, could you please explain why? 
If you are uncertain about whether iecc.com is required to implement these laws 
or answer questions like ours, we have included
informative resources at the end of this email.

2) If you implement GDPR or CCPA, do you process data access requests from 
individuals who are not residents of the EU or UK (for GDPR) or who are not 
residents of California (for CCPA)?

3) If you implement GDPR or CCPA, do you process data access requests via 
email, a website, or telephone? If via a website, what is the URL?

4) If you implement GDPR or CCPA, what personal information must a user submit 
for you to verify and process a data access request?

5) If you implement GDPR or CCPA, what personal information do you provide in 
response to a data access request?

Thank you in advance for your answers to these questions. If there is a better 
contact for questions about privacy practices on iecc.com, I kindly ask that 
you forward my request to them.

Ross Teixeira


We offer these resources about GDPR and CCPA for your convenience. Please note 
that we cannot provide legal advice about whether iecc.com is required to 
implement these laws or respond to our questions like
ours about GDPR and CCPA practices.

* Article 3 of the GDPR, which specifies coverage: 

* European Data Protection Board guidance on GDPR coverage: 

* California Attorney General guidance on CCPA coverage: 

* Section 1798.140 of the California Civil Code, which specifies the businesses 
that CCPA covers:

mailop mailing list

Reply via email to