We apologize for not providing more notice. The CCPA was finalized in October, and it contains a number of ambiguities, particularly as it relates to our products. To arrive at our current interpretation, it has taken many weeks of working with privacy lawyers, following discussions in the privacy community, and observing actions other companies have taken. We're sorry for the timing, appreciating the frustration it causes, and wish we could have provided more notice.
Will it be possible for malicious users to inflate the size of the database dramatically by submitting thousands/millions of Do Not Sell IPs?
Also, what’s the procedure a user needs to go through before adding an IP to the Do Not Sell list? How do you determine the users authority to make a change? I didn’t see any info on the notice itself. Hopefully you require the user to show extended “ownership” of the IP over the course of a month or more, lest users on dynamic IPs and temporary AWS/GCP/etc IPs are submitted for removal.
MaxMind will provide immediate notification of Do Not Sell requests via the https://www.maxmind.com/en/accounts/current/do-not-sell-requ... page on our website (login required).
Future builds of the database will exclude those IP addresses by introducing the "split ranges" you describe.
Hope that helps.
Mark Fowler MaxMind