Princeton-Radboud researchers suspend GDPR / CCPA study on ethics issues and industry backlash


Computer researchers at Princeton University and Radboud University conducted an academic study that sent suspicious-looking automated email messages to websites with GDPR and CCPA privacy policy requests from fake people. Email operators, web administrators and privacy professionals interpreted the messages as security risks and legal threats, prompting researchers to suspend the study and suppress all communication.

On December 11, 2021, Coywolf News received the following message from Kurt Mayfair with the subject line “Questions about the CCAC data access process for coywolf.news.”

Email using fake character for Princeton-Radboud privacy law implementation research

The message sounded suspicious. It came from some email address, said they were from Virginia (not California), and didn’t provide any details about who they were associated with. Googling Kurt Mayfair also did not return any relevant results.

The most disturbing part of the message was the last paragraph, which read: “I look forward to your response as soon as possible and no later than 45 days of this email, as required by section 1798.130 of the California Civil Code.”

I concluded two things from the message: first, it was probably spam, so I blocked the domain and reported it; and second, I should probably review my privacy policy, which I did. Also, I don’t care about CCPA and GDPR as Coywolf News doesn’t use cookies or collect data, and it uses GDPR and CCPA compliant site analytics.

CCPA and GDPR request emails containing fake personalities were part of Princeton-Radboud privacy law study

On December 26, 2021, Coywolf News received an email message from the Princeton-Radboud Privacy Law Implementation Study. The subject line read: “Please ignore recent emails regarding GDPR or CCPA processes.”

Hello, You may have recently received an email from potomacmail.com regarding your process for responding to General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA) data requests for the following domains: coywolf.news.  Please ignore this email.  The email was sent as part of an academic research study on GDPR and CCPA, which we concluded.  We will delete all responses received by December 31, 2021. We sincerely apologize for any burdens caused by our study.  If you would like more information about the study or to contact our research team, please see: https://privacystudy.cs.princeton.edu.  Sincerely, Princeton-Radboud Privacy Law Implementation Study
Princeton Privacy Study email with details of previous email sent from a fake character

The email stated that the previous CCPA and GDPR request email was sent as part of an academic study on the implementation of privacy law and that all responses would be deleted by December 31, 2021. It included a link to more details about the Privacy Law Implementation Study, which revealed who was behind the study, what they were studying, what went wrong, and how they were trying to rectify its botched execution.

The page is maintained by Professor Jonathan Mayer of Princeton University’s Center for Information Technology Policy, the study’s principal investigator. In an update released on December 18, 2021, Professor Mayer said he was dismayed that the emails in the study appear to be security risks or legal threats, writing: “The purpose of our study was to understand privacy practices, not to create a burden on website operators, messaging system operators, or privacy professionals. I sincerely apologize. I am the principal investigator, and the responsibility is mine.” In a subsequent update on December 21, 2021, he announced that they would remove all results.

We also received consistent feedback encouraging us to quickly reject responses to study emails. We agree and will delete all response data on December 31, 2021.

Professor Jonathan Mayer, Princeton-Radboud Study on Privacy Law Implementation

The page also included a list of frequently asked questions (FAQ) that addressed several concerns expressed by the subjects of the study. The FAQ confirmed the use of automation and “fake identities” (i.e., fake personalities). Mayer said he will write an ethics case study based on this experience to help other technology policy researchers avoid making similar mistakes in future studies.

Details of the Princeton-Radboud Privacy Law Implementation Study can be found on this Princeton University subdomain and in this IPFS archive (recorded December 27, 2021).

Jon Henshaw

Jon is the founder of Coywolf and the EIC and senior reporting writer for Coywolf News. He is an industry veteran with over 25 years of experience in digital marketing and internet technologies. Follow @henshaw