>My questions are about your process for when I do submit a request.
It's really easy to read this as "I am going to be submitting a request."
>I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code.
Random blogger who's not a business does not have any connection to this. It's more like if I tell you I'll sue you for murder, high treason and collusion with the Martian invasion, is it really a legal threat? There's literally no legal way for me to sue anybody like that.
That’s an FAQ for consumers. It’s not legally binding.
>These FAQs provide general consumer information about the CCPA and how you can exercise your rights under the CCPA. They are not legal advice, regulatory guidance, or an opinion of the Attorney General. We will update this information periodically.
I understand that someone can do cursory research and be overly confident in their understanding of a law that spans 46 pages. I hope you can understand that people can be underconfident in their understanding of a law that spans 46 pages, is bound by the entirety of a state’s statutes and case law, and feel overwhelmed by someone asking for a response on their compliance with said law. Regardless of what their interpretation of the original email should or shouldn’t be.
>It's more like if I tell you I'll sue you for murder, high treason and collusion with the Martian invasion, is it really a legal threat? There's literally no legal way for me to sue anybody like that.
Comparing a reasonable fear that one may not be in compliance with a complex legal system to something absurd does not invalidate that fear.
A baseless legal threat is still a legal threat, and that legal threat may well merit the time and energy to hire a lawyer to verify the baselessness of said threat, and to file the motion to dismiss should a lawsuit be filed despite the baseless cause of action, lest one suffer a default judgement on account of a failure to respond.
As someone in another comment thread pointed out, the requirements also put you on the spot if 50,000 Cali citizens have personal data that you've got access to.
And, as someone also pointed out in that thread, being on Hackernews and having IP logging may be enough to trigger that requirement.
Further, with the absolute shitshow that is the US court system, if someone brings a frivolous suit you're looking at thousands of dollars in legal fees, because you're going to need a lawyer (or previous experience in law) to properly explain to the judge why this suit is utterly ridiculous. And there's no guarantee if you'll get compensated for that, even if you file counter-suit--and even if you do get compensation, it's likely going to happen several years later, after the guy who tried to sue you does everything in his power to avoid paying up, because he knows you're eventually going to run out of money.
I wrote the blog post from yesterday’s HN story, and that last paragraph is what worried me. I know I’m not a business, and I don’t make money from my project, and believe I’m not subject to the CCPA because of that. I dread the idea of having to prove that in court, though, and how expensive it might be to (hopefully!) prove I’m not liable for even accidentally violating it.
There’s a reason patent trolls, copyright trolls, ADA trolls, etc. go after small entities: they’re more like to pay a small settlement out of fear than risk taking it to court and being bankrupted.
Patents and copyrights aren't limited to businesses, you can be in copyright or patent violation even if you're a private person - in fact, I'd assume vast majority of copyright violations now are performed by private people without profit motive. That particular law however is clearly written to target specific businesses and exclude private persons.
One of the biggest issues with the Digital Millennium Copyright Act is that it was never designed for a world where Siivagunner[1] exists. On a fundamental level, it was built on the assumption that everyone involved can litigate--which means that the widespread ability to edit, remix, and review things has created some unfortunate exploits and exposed serious oversights in how the DMCA functions.
> I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code.
This reads as a thinly vieled command to respond, not a mere request, citing legal code and (incorrectly) asserting it's applicability as a basis for the authority to give such a command, with the implication being the possibility of legal action if the demanded response is not provided.
From the email:
>My questions are about your process for when I do submit a request.
It's really easy to read this as "I am going to be submitting a request."
>I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code.
So I'd say there is some legal threat here.