On December 11, 2021, Coywolf News received the following message from Kurt Mayfair with the subject line, Questions about the CCAC data access process for coywolf.news.
The message sounded suspicious. It came from some email address, said they were from Virginia (not California), and didn’t provide any details about who they were associated with. Googling
Kurt Mayfair also did not return any relevant results.
CCPA and GDPR request emails containing fake personalities were part of Princeton-Radboud privacy law study
On December 26, 2021, Coywolf News received an email message from the Princeton-Radboud Privacy Law Implementation Study. The subject line read: “Please ignore recent emails regarding GDPR or CCPA processes.“
The email stated that the previous CCPA and GDPR investigation email was sent as part of an academic study on the implementation of the Privacy Act and that all responses would be rejected by December 31, 2021. It included a link to more details about the Privacy Law Study, which revealed who was behind the study, what they were studying, what was wrong and how they were trying to rectify his botched execution.
The page is maintained by the teacher Jonathan mayer at Princeton University Center for Information Technology Policy, the study’s principal investigator. In an update released on December 18, 2021, Professor Mayer said he was
dismayed that the emails in our study appear to be security risks or legal threats. The purpose of our study was to understand privacy practices, not to create a burden on website operators, messaging system operators, or privacy professionals. I sincerely apologize. I am the principal investigator, and the responsibility is mine. In a subsequent update on December 21, 2021, he announced that they would remove all results.
We also received consistent feedback encouraging us to quickly reject responses to study emails. We agree and will delete all response data on December 31, 2021.
Professor Jonathan Mayer, Princeton-Radboud Study on Privacy Law Implementation
The page also included frequently asked questions (Faq) which addressed several concerns expressed by the subjects of the study. The FAQ confirmed the use of automation and “fake identities” (ie fake personalities). Mayer said he will write an ethics case study based on this experience to help other technology policy researchers avoid making similar mistakes in future studies.
Details of the Princeton-Radboud Privacy Law Enforcement Study can be found in this Princeton University subfield and in this IPFS archive (recorded December 27, 2021).
Jon is the founder of Coywolf and the EIC and senior reporting writer for Coywolf News. He is an industry veteran with over 25 years of experience in digital marketing and internet technologies. To follow @henshaw