Deeply-weird privacy people update

So folks finally figured out what was behind that weird series of privacy emails I got: it turns out it was a privacy study being run at Princeton. It is not being run very well.

Here’s a pretty good Twitter thread about it and with more links to read:

Also something to make clear:

  1. This is a research study being presented as a legal inquiry and not a research study
  2. The preamble of the email is an active lie
  3. There are many better ways that they could have run this study

I do not appreciate having my time wasted by this nonsense.

Deeply-weird privacy people

Every now and then I get what feels like a bad-faith form letter from someone who I’ve never heard of before, has probably never even come to this website, and is probably a privacy lawyer out to make a quick buck.

UPDATE: The mystery has been solved.

Here’s the most recent one:

To Whom It May Concern:

My name is [REDACTED], and I am a resident of Norfolk, Virginia. I have a few questions about your process for responding to California Consumer Privacy Act (CCPA) data access requests:

Would you process a CCPA data access request from me even though I am not a resident of California? Do you process CCPA data access requests via email, a website, or telephone? If via a website, what is the URL I should go to? What personal information do I have to submit for you to verify and process a CCPA data access request? What information do you provide in response to a CCPA data access request? To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request.

Thank you in advance for your answers to these questions. If there is a better contact for processing CCPA requests regarding beesbuzz.biz, I kindly ask that you forward my request to them.

I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code.

Sincerely,

[REDACTED]

My response is to just direct them to the privacy policy for this website which is a weird thing for me to even need for, y'know, a personal blog.

Maybe I should just not respond and see if they try to sue me for data that I don’t have and have no reason to keep, though.

Incidentally the letter is always exactly the same except for the name and the cited law; they’re always from Roanoke, Virginia, and the wording is otherwise identical each time. They also always come from the same email domain.

So I mean it’s probably a bot, but… to what end? Other folks have been receiving these as well, and the prevailing theory is that it’s people trying to sell GDPR/CCPA compliance packages, but my responses have gone unanswered. So strange.