<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div name="messageBodySection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">Hi Lukas,
<div><br /></div>
<div>Thank you for your thorough evaluation. I agree with you, especially how a better license can be created with transparency requirements. I will definitely think about this some more.</div>
<div><br /></div>
<div>Carlo, I would like you thank you once again for your in-depth explanation. Do you think your perspective changes with a transparency requirement, since there is not laws mandated?</div>
</div>
<div name="messageSignatureSection"><br />
<div class="matchFont">Best,
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><br style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;" /></div>
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">Anand Chowdhary
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">Chief Executive Officer</div>
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><a href="https://oswaldlabs.com" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">Oswald Labs</a></div>
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><br style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;" /></div>
<div style="font-size: 14px; opacity: 0.8; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">NL +31 644691056</div>
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">IN +91 9555297989</div>
<div style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><a href="http://mailto:ceo@oswaldlabs.com" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">ceo@oswaldlabs.com</a></div>
</div>
</div>
</div>
</div>
<div name="messageReplySection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">On 6 Feb 2019, 15:11 +0100, Lukas Atkinson <opensource@lukasatkinson.de>, wrote:<br />
<blockquote type="cite" style="margin: 5px 5px; padding-left: 10px; border-left: thin solid #1abc9c;">While any open source license expresses certain values, I do not think<br />
licenses are a good vehicle of ethics. To fulfil the goal of Twente,<br />
the next best available Open Source license would likely be a network<br />
copyleft like the AGPL: that way, end users can at least inspect the<br />
software they are using.<br />
<br />
Here, a problem is that the Twente License aims to regulate *use* of<br />
the software, not just the copying and modification of the software.<br />
I.e. it regulates something that is out of scope for copyright, and<br />
takes away rights that users would otherwise have. (Similar problems<br />
have been discussed regarding the SSPL). This is definitively an<br />
OSD-incompatible restriction in jurisdictions where these privacy<br />
rules wouldn't be mandatory anyway.<br />
<br />
I'd like to point out that even the EU is such a jurisdiction, as the<br />
Twente License has a weird intersection with the GDPR: Twente covers a<br />
more narrow area, but in that area is more restrictive.<br />
- Twente covers only collecting PII from users and releasing that data<br />
to third parties. GDPR covers any processing of any personal data, and<br />
has a clear concept of Data Processors that are not third parties.<br />
- Twente only recognizes consent as the basis for collection &<br />
release. GDPR also recognizes legitimate interest, necessity for<br />
fulfilment of a contract, and legal obligations (like a warrant, or<br />
maintaining accounting records).<br />
- Twente does not define critical terms such as user, PII, collect,<br />
consent, release, third party.<br />
<br />
In a literal reading of the Twente license, the privacy paragraph<br />
could be circumvented by running the Twente-covered software as a<br />
separate service so that it neither collects nor releases any data<br />
directly. If Twente's restrictions do not apply to the *software* but<br />
to the *operator* of the software, this makes it so much clearer that<br />
this is indeed an OSD #6 violation.<br />
<br />
I am also not sure whether Twente-covered software could realistically<br />
be used e.g. for e-commerce solutions due to the high bar that<br />
“unambiguous prior consent” represents, for example when sharing<br />
necessary data with a payment processor or logistics provider.<br />
<br />
I think it might be possible to construct a better license by dropping<br />
any usage restrictions and substituting transparency requirements.<br />
E.g. when the software is conveyed in non-source form or publicly<br />
performed so that others can interact with the software, then the<br />
software must provide (a) proper attribution like under the normal MIT<br />
license; and (b) a statement on who acts as a Data Controller in the<br />
sense of the GDPR. Unfortunately, that would make it very difficult to<br />
distribute binaries without taking on responsibilities as a<br />
Controller.<br />
<br />
_______________________________________________<br />
License-review mailing list<br />
License-review@lists.opensource.org<br />
http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org<br /></blockquote>
</div>
</body>
</html>