Questions About notmuchmail.org Privacy Practices for Princeton University Research

Questions About notmuchmail.org Privacy Practices for Princeton University Research

[Privacy Practices]

[-- Attachment #1.1: Type: text/plain, Size: 2718 bytes --]

To Whom It May Concern,

We are researchers at Princeton University conducting a study of how websites
are implementing the EU and UK General Data Protection Regulation (GDPR) and
the California Consumer Privacy Act (CCPA). We are reaching out to you because
this email address is provided as a contact on the website notmuchmail.org.

Your website may be required to implement one or both of GDPR and CCPA, and we
would appreciate if you would answer a few brief questions about your privacy
practices.

1) Does notmuchmail.org implement GDPR or CCPA? If not, could you please
explain why? If you are uncertain about whether notmuchmail.org is required to
implement these laws or answer questions like ours, we have included
informative resources at the end of this email.

2) If you implement GDPR or CCPA, do you process data access requests from
individuals who are not residents of the EU or UK (for GDPR) or who are not
residents of California (for CCPA)?

3) If you implement GDPR or CCPA, do you process data access requests via
email, a website, or telephone? If via a website, what is the URL?

4) If you implement GDPR or CCPA, what personal information must a user submit
for you to verify and process a data access request?

5) If you implement GDPR or CCPA, what personal information do you provide in
response to a data access request?

Thank you in advance for your answers to these questions. If there is a better
contact for questions about privacy practices on notmuchmail.org, I kindly ask
that you forward my request to them.

Sincerely,  
Ross Teixeira

\----------

We offer these resources about GDPR and CCPA for your convenience. Please note
that we cannot provide legal advice about whether notmuchmail.org is required
to implement these laws or respond to our questions like ours about GDPR and
CCPA practices.

* Article 3 of the GDPR, which specifies coverage: [https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from;=EN#d1e1455-1-1](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1)

* European Data Protection Board guidance on GDPR coverage: <https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en>

* California Attorney General guidance on CCPA coverage: <https://oag.ca.gov/privacy/ccpa#sectiona>

* Section 1798.140 of the California Civil Code, which specifies the businesses that CCPA covers: [https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath;=8.4.45&lawCode;=CIV](https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV)


[-- Attachment #1.2: Type: text/html, Size: 3139 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]