Why? If that's indeed the law, then it's up to the website owner to comply. Whether it's Princeton or a private individual writing the email doesn't matter.
A key point is that it's not indeed the law. Many (probably most) of the recipients - including the author of the original article - are not actually required by Section 1798.130 of the California Civil Code to do anything even if it was a legitimate question from a real person, because their websites are far below the limits where those CCPA requirements start to apply.
The survey was making a fraudulent legal threat, requiring the recipient do some things for the benefit of the sender (namely, providing them with data for the study; also lying about how that data will be used) based on false allegations that there is a legal duty for them to respond in some certain time, while in fact there is none.
The websites have to comply with the law, but a university should not be sending them emails lying about their obligations under any law.
The emails were from fake people. So any work preparing any response regarding those fake people's personal data is obviously not required by law. They don't exist.
And, as pointed out elsewhere in the thread, the researchers are probably not protected by either of CCPA or GDPR.
* thousands or millions, sent under false pretenses
There are two differences:
1) I'm allowed to cold call you. I'm not allowed to set up a robot to place millions of automated phone calls.
2) If I lie, I may have a problem. Someone runs up to your home and yells that your house is on fire, and you believe them. You jump out of a second-story window, breaking your windows and your legs. They do it in a stunt for TikTok. Who do you think is liable?
A third difference is IRBs. The right place to handle this is complaints to OMB; Princeton should lose federal funding here.
No costs would have been incurred without Princeton asking a very scary question.
Additionally, by not disclosing that the question was research, they also skewed the results if they were looking to see what prevailing attitudes and practices actually are.
On what basis? Why can't we reasonably expect these sites to follow the laws? Just that they have in the past survived being unethical and not following them does mean they have some sort of claim when they scramble to fix their failures.
The sites that are big corporates that abuse the shit out of this insufficient law will just consider it legitimate interest and they are vendors, not affiliates with the data being sold to.
A huge amount of the people that got this were ethical, individual, not corporate, not profit.