[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
Received: from a48-117.smtp-out.amazonses.com (a48-117.smtp-out.amazonses.com [54.240.48.117])
by [redacted]
with ESMTPS via TCP (port [redacted]/25) id [redacted]
tls TLS1_2_ECDHE_RSA_AES_128_CBC_SHA1 sni [redacted]; 14 Dec 2021 07:xx:xx -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=wmllxkgiwqlr6bhgz4il3hte7xibrdv5; d=princetonprivacystudy.org;
t=[redacted];
h=From:To:Subject:MIME-Version:Content-Type:Message-ID:Date;
bh=[redacted]=;
b=[redacted]==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=[redacted];
h=From:To:Subject:MIME-Version:Content-Type:Message-ID:Date:Feedback-ID;
bh=[redacted]=
From: Privacy Practices <privacypractices@princetonprivacystudy.org>
To: [redacted]
Subject: Questions About [redacted] Privacy Practices for Princeton
University Research
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=»—-=_Part_[redacted]»
Message-ID: <[redacted]@email.amazonses.com>
Date: Tue, 14 Dec 2021 07:xx:xx +0000
Feedback-ID: 1.us-east-1.[redacted]=:AmazonSES
X-SES-Outgoing: [redacted]
——=_Part_[redacted]
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
To Whom It May Concern,
We are researchers at Princeton University conducting a study of how websites
are implementing the EU and UK General Data Protection Regulation (GDPR) and
the California Consumer Privacy Act (CCPA). We are reaching out to you because
this email address is provided as a contact on the website [redacted].
Your website may be required to implement one or both of GDPR and CCPA, and we
would appreciate if you would answer a few brief questions about your privacy
practices.
1) Does [redacted] implement GDPR or CCPA? If not, could you please explain
why? If you are uncertain about whether [redacted] is required to implement
these laws or answer questions like ours, we have included informative
resources at the end of this email.
2) If you implement GDPR or CCPA, do you process data access requests from
individuals who are not residents of the EU or UK (for GDPR) or who are not
residents of California (for CCPA)?
3) If you implement GDPR or CCPA, do you process data access requests via
email, a website, or telephone? If via a website, what is the URL?
4) If you implement GDPR or CCPA, what personal information must a user submit
for you to verify and process a data access request?
5) If you implement GDPR or CCPA, what personal information do you provide in
response to a data access request?
Thank you in advance for your answers to these questions. If there is a better
contact for questions about privacy practices on [redacted], I kindly ask that
you forward my request to them.
Sincerely,
Ross Teixeira
\———-
We offer these resources about GDPR and CCPA for your convenience. Please note
that we cannot provide legal advice about whether [redacted] is required to
implement these laws or respond to our questions like ours about GDPR and CCPA
practices.
* Article 3 of the GDPR, which specifies coverage: [https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from;=EN#d1e1455-1-1](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1)
* European Data Protection Board guidance on GDPR coverage: <https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en>
* California Attorney General guidance on CCPA coverage: <https://oag.ca.gov/privacy/ccpa#sectiona>
* Section 1798.140 of the California Civil Code, which specifies the businesses that CCPA covers: [https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath;=8.4.45&lawCode;=CIV](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV)
——=_Part_[redacted]
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
<!DOCTYPE html>
<html lang=»en»>
[HTML redacted]
——=_Part_[redacted]—