[License-review] For approval: The Cryptographic Autonomy License (Beta 4)
VanL
van.lindberg at gmail.com
Thu Dec 26 23:04:43 UTC 2019
On Tue, Dec 24, 2019 at 8:20 AM Pamela Chestek <pamela at chesteklegal.com>
wrote:
> Someone posted this on Twitter: "Scenario: Company X claims they are the
> Recipient, demands from Licensee the User Data associated with a list of
> employee names or IP addresses. Licensee incentivized to hand over the
> User Data to Company X: why risk going to court and end up not being the
> prevailing party?"
>
> My response was "Company X has to have possessory interest in User Data.
> Interesting potential conflict with privacy laws though."
>
There is no conflict with privacy laws - in fact, the CAL was written so
that compliance with the strongest extant privacy laws would also satisfy
the user data requirements of the CAL - and also, so that it did not
require giving any information that would be prohibited by current privacy
laws.
This does require that an operator receiving a request for user data that
may also fall under the privacy laws should be careful about the person to
whom that information is revealed, but any operator would need to be
careful to both 1) provide the proper data, and 2) not provide improper
data, regardless of the CAL.
As for interactions with things like HIPAA, employers do not acquire
ownership of data by paying for insurance, so I don't think that is an
issue.
Thanks,
Van
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191226/337a15e1/attachment.html>
More information about the License-review
mailing list