I would appreciate a more complete answer to Brian's question. GDPR and CCPA deal with "personal information" under statutory authority in various jurisdictions. Neither relies on copyright law to control access to or use of personal information. So is CAL relying only on contractual law stated in the license agreement to provide restrictions on the use or distribution of such data? Where is the constitutional or statutory authority to control data used by a copyrighted or patented work of software? Is this in principle like the attempt of software licenses to control the uses of APIs? Both may be an overreach. Strong wishes and heartfelt goals may not be sufficient authority to do something with intellectual "property," if property it actually is short of trade secrets or personal information.
This reveals how little I understand about this topic and about CAL. /Larry From: License-review <[email protected]> On Behalf Of VanL Sent: Thursday, February 13, 2020 12:03 PM To: License submissions for OSI review <[email protected]> Subject: Re: [License-review] For approval: The Cryptographic Autonomy License (Beta 4) Hi Brian, On Thu, Feb 13, 2020 at 1:56 PM Brian Behlendorf <[email protected] <mailto:[email protected]> > wrote: Has anyone considered the PII and GDPR/CCPA/etc implications of the CAL? Could there be scenarios where the CAL requires behavior that the GDPR prevents? The CAL was written with particular care to be compatible with the GDPR and CCPA, and carefully use similar language. In fact, the first version had a interpretive aid specifying that complying with specific paragraphs of the GDPR would also result in a compliant delivery of user data under the CAL. That paragraph was removed due to misunderstandings about its effects, but it is still true. Thanks, Van
_______________________________________________ License-discuss mailing list [email protected] http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
