[License-discuss] GDPR/CCPA and CAL
lrosen at rosenlaw.com
Mon Feb 17 02:58:25 UTC 2020
I would appreciate a more complete answer to Brian's question. GDPR and CCPA
deal with "personal information" under statutory authority in various
jurisdictions. Neither relies on copyright law to control access to or use
of personal information. So is CAL relying only on contractual law stated in
the license agreement to provide restrictions on the use or distribution of
such data? Where is the constitutional or statutory authority to control
data used by a copyrighted or patented work of software? Is this in
principle like the attempt of software licenses to control the uses of APIs?
Both may be an overreach. Strong wishes and heartfelt goals may not be
sufficient authority to do something with intellectual "property," if
property it actually is short of trade secrets or personal information.
This reveals how little I understand about this topic and about CAL.
From: License-review <license-review-bounces at lists.opensource.org> On Behalf
Sent: Thursday, February 13, 2020 12:03 PM
To: License submissions for OSI review <license-review at lists.opensource.org>
Subject: Re: [License-review] For approval: The Cryptographic Autonomy
License (Beta 4)
On Thu, Feb 13, 2020 at 1:56 PM Brian Behlendorf <brian at behlendorf.com
<mailto:brian at behlendorf.com> > wrote:
Has anyone considered the PII and GDPR/CCPA/etc implications of the CAL?
Could there be scenarios where the CAL requires behavior that the GDPR
The CAL was written with particular care to be compatible with the GDPR and
CCPA, and carefully use similar language. In fact, the first version had a
interpretive aid specifying that complying with specific paragraphs of the
GDPR would also result in a compliant delivery of user data under the CAL.
That paragraph was removed due to misunderstandings about its effects, but
it is still true.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the License-discuss