<div dir="auto">If you do, I am happy to be a resource.<br><br><div data-smartmail="gmail_signature">__________________________<br>Van Lindberg<br><a href="mailto:van.lindberg@gmail.com">van.lindberg@gmail.com</a><br>m: 214.364.7985</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Feb 15, 2020, 2:23 PM Josh Berkus <<a href="mailto:josh@berkus.org">josh@berkus.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2/14/20 4:24 PM, Brian Behlendorf wrote:<br>
> I realize this is moot with the OSI board recommending approval (or did<br>
> they approve?), but I'm not persuaded by what was written at that link<br>
> (starting with "GDPR is about privacy, not data" - the "D" is literally<br>
> "Data" and the P is not "Privacy"). I'm not a GDPR expert by any<br>
> stretch, but found in other discussions that making self-sovereign<br>
> identity systems GDPR-compatible to involve several layers of<br>
> non-trivial issues. Issues such as the fact that any particular bit of<br>
> data is rarely about just one person, and more often than not about two<br>
> people; hashed/encrypted data can also be PII; and that there are<br>
> reasonable exceptions where data can't be shared or deleted upon request<br>
> that are not machine-parseable situations (such as "valid business<br>
> reason"). GDPR's impact is also still evolving as enforcement actions<br>
> establish a track record for how it will be enforced and accepted by<br>
> judges on broad or narrow interpretive bases. It's a ton of complexity -<br>
> but all of which I find myself arguing on the side of being an<br>
> unavoidable part of the ethics of dealing with data about other people.<br>
<br>
Hmmm. I know a law student who is writing a paper on GDPR for school;<br>
I'll see if I can interest her in taking on CAL vs. GDPR as a law paper.<br>
<br>
-- <br>
Josh Berkus<br>
<br>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank" rel="noreferrer">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div>