|
|
|
|
|
|
by toast0
1647 days ago
|
|
|
If the researcher is at Princeton, which (last I checked) is neither in the EU nor in California, they may not have standing to compel a response under GDPR or CCPA, both of which apply to data about persons within their territories, as I understand it (although interpretations certainly vary). According to the linked blog, the owner wasn't covered by CCPA anyway as I suspect is the case for a lot of the recipients, so there would still not be a response required. Some of the sites may have data exports and account deletion clearly available to users anyway, in which case no human interaction would be needed; but the research wasn't looking for that. |
|
|