> I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code.

First, the CCPA doesn't apply to my site. It's non-commercial, has many fewer users than required to invoke the CCPA, and zero revenue. No provisions of the CCPA require me to do anything.

Second, the questions were about how I'd handle a CCPA request, and weren't actually a request at all:

> 1. Would you process a CCPA data access request from me even though I am not a resident of California?

> 2. Do you process CCPA data access requests via email, a website, or telephone? If via a website, what is the URL I should go to?

> 3. What personal information do I have to submit for you to verify and process a CCPA data access request?

> 4. What information do you provide in response to a CCPA data access request?

The CCPA doesn't obligate anyone to explain their internal processes. It obligates covered entities to respond to the requests themselves, but not to random drive-by questions.

So basically, that sentence was completely wrong. The CCPA doesn't apply to me, and even if it did, the law doesn't say what the researchers claim it did.

So then the problem actually is that they misinterpreted the law. If someone misinterpreting the law can cause such stress and waste such time, shouldn't society safeguard against this?