[License-review] For Approval: Twente License

Anand Chowdhary anandchowdhary at gmail.com
Wed Feb 6 14:30:16 UTC 2019


Hi Lukas,

Thank you for your thorough evaluation. I agree with you, especially how a better license can be created with transparency requirements. I will definitely think about this some more.

Carlo, I would like you thank you once again for your in-depth explanation. Do you think your perspective changes with a transparency requirement, since there is not laws mandated?

Best,

Anand Chowdhary
Chief Executive Officer
Oswald Labs

NL +31 644691056
IN +91 9555297989
ceo at oswaldlabs.com
On 6 Feb 2019, 15:11 +0100, Lukas Atkinson <opensource at lukasatkinson.de>, wrote:
> While any open source license expresses certain values, I do not think
> licenses are a good vehicle of ethics. To fulfil the goal of Twente,
> the next best available Open Source license would likely be a network
> copyleft like the AGPL: that way, end users can at least inspect the
> software they are using.
>
> Here, a problem is that the Twente License aims to regulate *use* of
> the software, not just the copying and modification of the software.
> I.e. it regulates something that is out of scope for copyright, and
> takes away rights that users would otherwise have. (Similar problems
> have been discussed regarding the SSPL). This is definitively an
> OSD-incompatible restriction in jurisdictions where these privacy
> rules wouldn't be mandatory anyway.
>
> I'd like to point out that even the EU is such a jurisdiction, as the
> Twente License has a weird intersection with the GDPR: Twente covers a
> more narrow area, but in that area is more restrictive.
> - Twente covers only collecting PII from users and releasing that data
> to third parties. GDPR covers any processing of any personal data, and
> has a clear concept of Data Processors that are not third parties.
> - Twente only recognizes consent as the basis for collection &
> release. GDPR also recognizes legitimate interest, necessity for
> fulfilment of a contract, and legal obligations (like a warrant, or
> maintaining accounting records).
> - Twente does not define critical terms such as user, PII, collect,
> consent, release, third party.
>
> In a literal reading of the Twente license, the privacy paragraph
> could be circumvented by running the Twente-covered software as a
> separate service so that it neither collects nor releases any data
> directly. If Twente's restrictions do not apply to the *software* but
> to the *operator* of the software, this makes it so much clearer that
> this is indeed an OSD #6 violation.
>
> I am also not sure whether Twente-covered software could realistically
> be used e.g. for e-commerce solutions due to the high bar that
> “unambiguous prior consent” represents, for example when sharing
> necessary data with a payment processor or logistics provider.
>
> I think it might be possible to construct a better license by dropping
> any usage restrictions and substituting transparency requirements.
> E.g. when the software is conveyed in non-source form or publicly
> performed so that others can interact with the software, then the
> software must provide (a) proper attribution like under the normal MIT
> license; and (b) a statement on who acts as a Data Controller in the
> sense of the GDPR. Unfortunately, that would make it very difficult to
> distribute binaries without taking on responsibilities as a
> Controller.
>
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190206/232a58ef/attachment.html>


More information about the License-review mailing list