As a follow up, to my letter, I received the following: > Thank you for reaching out about our research on the European Union General > Data Protection Regulation (GDPR) and the California Consumer Privacy Act > (CCPA). A component of the study involves requesting information from > websites about how they have implemented the consumer data access provisions > of the GDPR and the CCPA. Both the GDPR and CCPA provide for these types of > information requests. We would be glad to answer any questions you have about > the study goals, methods, and safeguards, and we welcome any additional > feedback you would like to provide. > > Sincerely, > Jonathan
That was really the wrong response. I responded explaining *exactly* how they are in violation of U.S. Federal law (CAN-SPAM), and I cc:ed the chair of the compsci department, and Princeton's general legal counsel. If you are going to send something, please let it be soon so as to make clear that I'm not a single cartoony voice crying in the wilderness. FWIW, here is the section of CAN-SPAM of which they are in violation: ‘‘§1037. Fraud and related activity in connection with electronic mail ‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, knowingly — ‘‘(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages, ‘‘(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages, ‘‘(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or ...shall be punished as provided in subsection (b). ‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, if— ‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations; ‘‘(C) the volume of electronic mail messages transmitted in furtherance of the offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period; ‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more in value during any 1-year period; ‘‘(E) as a result of the offense any individual committing the offense obtained anything of value aggregating $5,000 or more during any 1-year period; or ‘‘(F) the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader; --- Anne Anne P. Mitchell, Attorney at Law Author: Section 6 of the Federal CAN-SPAM Law Board of Directors, Denver Internet Exchange Professor Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Former Counsel: MAPS Anti-Spam Blacklist _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
