I see the issue being the email was formulated in a way that is easily perceived as a legal threat. I don't see how it is ethical for a study to be sending out legal threats to see how someone responds. Now if the goal is to understand how websites respond to the CCPA/GDPR then it shouldn't be too difficult to ask how they would respond to a request and note that it is part of a voluntary study.